Senior Vulnerability Management Engineer
Why We Work at Dun & Bradstreet
We are at a transformational moment in our company journey - and we're so excited about it. Each day, we are finding new ways to strengthen our award-winning culture, and to accelerate creativity, innovation and growth. Our purpose is to help customers improve business performance with Dun & Bradstreet's Data Cloud and Live Business Identity, and we're wildly passionate and committed to this purpose. So, if you're looking to make an immediate impact at a company that welcomes bold and diverse thinking, come join us!
Dun & Bradstreet is responsible for collecting and analyzing the data of 285 million commercial entities and 100 million associated contacts. We offer the world's most comprehensive commercial data source, and our data drives critical everyday business decisions. The trust and confidence our customers have in the protection and integrity of that data is critical to our success.
Our Global Security and Risk team is responsible for securing the technologies, applications and data that millions of our customers rely on each and every day. We are building a best-in-class team of security experts with a relentless focus on results, creativity in solving business challenges, a passion to develop their own careers and further their knowledge in security, and can work closely with our business units, technology teams and customers. In working with us - you'll help to continuously improve the program, implement leading new technologies, and be part of our company transformation.
The trust our customers and partners put in our systems and data is critical to our success. We are seeking a strong Senior Vulnerability Management Engineer who can deliver on large scale initiatives to help mature the information security and risk management programs. This role reports to the Director of Vulnerability Management.
Senior Vulnerability Management Engineer
We are looking for highly self-motivated candidate for our Global Vulnerability Management team within Global Security and Risk. Our team performs one of the most critical security and risk functions at the firm detecting vulnerabilities in our technology and ensuring their remediation before they can be exploited by malicious hackers.
- Development, maintenance, and continual improvement of the vulnerability management platform, processes, and technical assessment support
- Collaborate extensively with firms engineering teams to help them understand their vulnerabilities and collectively develop remediation and mitigation strategies.
- Follow public and/or private vulnerability feeds
- Rate D&B's exposure (impact and likelihood of compromise) to newly identified vulnerabilities
- Provide proof-of-concept exploits in a lab environment to demonstrate exploitability
- Provide risk assessment inputs into patch management policies and activities for multiple platforms across the firm.
- Develop and maintain metrics and reports on vulnerability findings and remediation compliance.
- Contribute to network security strategy and automation
- Maintain knowledge and skillset relevant to trends in the industry
- Minimum 10-12 years of security experience, specifically around organizational security and vulnerability management.
- Experience with common vulnerability feeds from government, vendor, and open source communities
- Understanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controls
- Familiarity with vulnerability management frameworks and concepts such as CVE, and CVSS
- Ability to assess and articulate actual business risk along with good report writing and client presentation skills of researched vulnerabilities
- Demonstrated understanding of infrastructure and cloud vulnerability scanning
- Ability to develop and maintain positive relationships with other technology teams
- Good understanding of the OWASP Top 10. Familiarity with vulnerabilities in 3rdparty libraries and remediation
- Scripting and/or programming skills (e.g., Python, PowerShell, Java, JS, etc.)
- A strong understanding of application, Linux, Windows and network security
- Ability to work both independently and in a highly collaborative team environment
- Understanding of the lean and agile framework and processes
- Strong communication skills - written and verbal
Dun & Bradstreet is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, age, national origin, citizenship status, disability status, sexual orientation, gender identity or expression, pregnancy, genetic information, protected military and veteran status, ancestry, marital status, medical condition (cancer and genetic characteristics) or any other characteristic protected by law.
We are committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment with Dun & Bradstreet and need special assistance or an accommodation to use our website or to apply for a position, please send an e-mail with your request to TalentAcquisitionTeam@dnb.com. Determination on requests for reasonable accommodation are made on a case-by-case basis.
Please note that all Dun & Bradstreet job postings can be found at https://dnb.wd1.myworkdayjobs.com/Careers and all communication from Dun & Bradstreet will come from an email address ending in @dnb.com.
Back to top