Drive the world-wide remediation of vulnerabilities (revealed by vulnerability scanners, application penetration testing, and other sources) by tracking and controlling the remediation activities while obeying the agreed upon due date.
Analyze vulnerabilities in co-operation with other Information Security units (e.g. results of penetration tests), and propose adequate remediation measures.
Maintain communication to different stakeholders, as well as internal and external service providers, monitor and report remediation progress, propose remediation measures (best practice sharing), support exception process and maintain escalation process (via CISOs).
Work in a virtual team for world-wide vulnerability remediation, tracking and monitoring the successful remediation of discovered vulnerabilities, respecting deadlines.
- Drive the remediation of vulnerabilities in all affected units
- revealed by automatic security scanners, or
- manual penetration tests.
- Analyze vulnerability in co-operation with other vulnerability management units and propose adequate remediation measures.
- Support exception process and maintain escalation process.
- Identify affected assets and communicate with the owner/service manager
- Monitor and report remediation status.
- Analyze vulnerability scan results and report on overall remediation and security status
- Identify and verify false positives
- Clearly understand and communicate risks associated with vulnerabilities
- Describe technical residual risks for risk acceptance candidates
- Facilitate vulnerability remediation strategies
- Develop subject matter expertise in focused areas of security
- Ensure adherence to deadlines
Academic degree and work experience required, or equivalent combination of education and experience
- Experience in penetration testing, network security, system security and respective security tools
- Working knowledge of common network devices and operating systems, incl. secure configuration and patch management
- Experienced in vulnerability management or remediation topics
- Experienced working in similar multinational environment with intercultural competence and working in virtual teams
- Self-motivated, eager to learn, and able to work in an independent manner
- Strong Office skills, especially in PowerPoint, Word & Excel
- Excellent communication and written skills
- Analytical, technical, negotiation and relationship management skills appealing any level of business and management
- Language skills: English (required), Spanish or German language skills are a strong plus
- Work experience with 2-3 years in InfoSec or IT infrastructure operation