Posted in General Business 30+ days ago.
Type: Full-Time
Staff Engineer Information Security Threat and Vulnerability Management (TVM)
Equinix is the world’s digital infrastructure company, operating 200+ data centers across the globe and providing interconnections to all the key clouds and networks. Businesses need one place to simplify and bring together fragmented, complex infrastructure that spans private and public cloud environments. Our global platform allows customers to place infrastructure wherever they need it and connect it to everything they need to succeed.
We are a fast-growing global company with 70+ consecutive quarters of growth. Through our innovative portfolio of high-performance products and services, we have created the largest, most active global ecosystem of nearly 10,000 companies, including 1,800+ networks and 2,900+ cloud and IT service providers in over 26 countries spanning five continents.
A career at Equinix means you will collaborate on work that impacts the world and be surrounded by endless opportunities to learn new skills and grow in varied directions. We embrace diversity in thought and contribution and are committed to providing an equitable work environment that is foundational to our core values as a company and is vital to our success.
Job Summary: The position will work closely with other Information Security staff and IT functions to ensure the success of the Vulnerability Management program. The role is responsible for daily contribution to the Threat & Vulnerability Management charter and goals, with a particular focus on application security.
Responsibilities
Demonstrate Information Security Threat and Vulnerability Management expertise
Assist in configuring vulnerability assessment tools, as well as performing scans, researching and analyzing vulnerabilities, identifying relevant threats, recommending corrective actions, and summarizing and reporting results
Maintain awareness of emerging threats in the application security domain
Engage with a broad variety of development teams and understand the respective SDLC processes to ensure that secure coding practices are adhered to and application vulnerabilities are being addressed
Monitor, understand, and prioritize vulnerabilities detected during SAST scanning
Monitor, understand, and prioritize vulnerabilities detected during DAST scanning
Monitor, understand, and prioritize vulnerabilities detected during Web Application scanning
Perform threat modeling to quantify application risk
Coordinate scanning activities with cross functional teams and work collaboratively with all levels of the business
Communicate scanning results and remediation plans to stakeholders
Provide guidance for addressing vulnerabilities, which could include system patching, deployment of specialized controls, standards, or infrastructure changes, and/or changes in development processes
Identify and resolve any false positive findings in assessment results
Produce metrics and reporting on the state of system security, threats, vulnerabilities, and patch management
Interact with multiple global teams (security architecture, penetration testing, application development, Risk Officers, etc.)
Monitor Remediation Activities
Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology developers and support teams
Validate remediation by reviewing application updates or deployed mitigations to verify resolution
Assist in maintaining TVM tools / platforms
Maintain knowledge of the threat landscape
Qualifications
BS in Computer Science or equivalent
Technical network certifications (e.g. CCNA, CCNP Security) and security certifications (e.g. CISA, CISSP, GCIH) highly desirable
Understanding of controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security)
Experience with a wide variety of code scanning tools
Must be well versed in the SDLC from a vulnerability perspective
Must be well versed in operating systems such as Linux as well as Windows environments, Active Directory, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks, and vulnerability management
Experience with vulnerability scanners, vulnerability management systems, patch management and host-based security systems
Knowledge of vulnerability scoring systems (CVSS/CMSS)
Must possess excellent verbal and written communication skills
Ability to learn new technologies
We offer Medical, TeleMedicine, Dental, Vision, Life and AD&D insurance, 401K, Leave of absence & disability benefits, paid time off & holidays and more.
In accordance with Colorado State Law (https://leg.colorado.gov/bills/sb19-085) the salary range for Colorado for this role is $96K to $130K per Year with 15% bonus target.
Equinix is an equal opportunity employer. All applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, or status as a qualified individual with disabilities.