Senior Associate Information Security Engineer

Who are we?

Equinix is the world's digital infrastructure company®, shortening the path to connectivity to enable the innovations that enrich our work, life and planet.

A place where bold ideas are welcomed, human connection is valued, and everyone has the opportunity to shape their future.

Help us challenge assumptions, uncover bias, and remove barriers-because progress starts with fresh ideas. You'll find belonging, purpose, and a team that welcomes you-because when you feel valued, you're empowered to do your best work.

Job Summary

The Threat and Vulnerability Management (TVM) Analyst promotes security by identification, assessment, and reporting of security vulnerabilities pertaining to corporate assets to reduce risk of exploitation via prioritized remediation and achievement of service-level agreements (SLAs). These processes involve vulnerability scanning, risk analysis, patch management, and coordinating remediation with multiple internal teams, often across cloud, container, and application environments. Common vulnerability scanner operation, understanding cloud security (e.g., AWS, Azure, GCP, etc.), understanding common software development and software security practices, and ability to navigate compliance frameworks are important skills and knowledge for this role. The TVM Analyst evaluates internal and external vulnerability scanning results, addresses false positives, and produces and disseminates related reporting to TVM stakeholders. Current knowledge of industry standards and best practices in vulnerability management assists the TVM Analyst in contributing to continued improvement of the TVM program. Additionally, this individual works with internal team members to ensure that systems remain functional, secure, and are managed in an efficient and scalable manner.

• Configuring and executing scheduled and ad hoc network- and host-based scans using enterprise-grade tooling to identify vulnerabilities within multiple environments
• Developing and enhance scanning strategies to ensure comprehensive scanning coverage across the entire company
• Analyzing vulnerability data to identify trends, patterns, and potential impacts and reporting findings to relevant stakeholders
• Partnering with enterprise-wide stakeholders to understand environmental, compliance, and other factors that may influence prioritization of remediation of vulnerabilities
• Notifying system owners and other vulnerability stakeholders on a periodic basis and assisting in achievement of remediation within established SLAs by asserting formal processes
• Creating, maintaining, and presenting weekly and monthly metrics to stakeholder, management, and executive management audiences
• Maintaining and validating Operating System Baseline Configuration standards that are mapped to standards such as the Center for Internet Security (CIS) Critical Security Controls
• Communicating risks and recommending security controls to stakeholders at all levels
• Assessing exposure to zero-day and other significant vulnerabilities to ensure timely response to threats and risks

• Experience working with a vulnerability scanning platforms (e.g., Nexpose, Nessus, Qualys, etc.)
• Strong technical skills related to operating systems, networks, applications, virtualization, and cloud environments
• Knowledge of security best practices, risk assessment, and vulnerability classification (e.g., CVSS, MITRE ATT&CK, etc.)
• Extensive automation experience using Python, PowerShell, or other common means of automating repeatable work tasks
• Understanding of asset and application management systems and ability to use these systems in a scaled manner to work efficiently
• Experience working with information security teams such as fusion centers, security operations centers, vulnerability assessment, vulnerability threat management, and security incident management
• Strong understanding of potential compensating controls related to asset and application vulnerability to assist in prioritization of vulnerability remediation
• Must be a self-starter, self-motivated, and able to work independently with little oversight
• Strong communications skills and the ability to positively influence vulnerability stakeholders
• Bachelor's degree required, master's degree preferred
• Degrees and/or Certifications in information security and similar preferred