Sr. Security Engineer

This job is to support Vulnerability Management program. Perform research and analysis of scheduled and on demand vulnerability assessments and post results. Conduct POC and Implement IoT and OT security solution to Client unmanaged IoT/OT assets. Work with Asset owner to safeguard assets and patch any unresolved vulnerabilities. Ensure all assets and network segments are scanned periodically and results are shared with infrastructure team. Research exploit techniques and mitigation strategies. Perform analysis of asset and vulnerability information to identify risks that were not discovered via automated scanning Troubleshoot issues that may occur during automated network scanning, and or agent scans. Review public and private vulnerability notifications/disclosures, consume research findings and prioritize remediation efforts. Create visibility and awareness for upper management on vulnerabilities that require attention. Develop vulnerability reports and scorecards that define the current state of the corporate network security risk posture. Integrate vulnerability management tools with other systems, such as CMDB, SIEM, and Archer. Assist with implementing policy compliance tools to monitor compliance against CIS and other industry related benchmarks. Implement Web Application Scanning solution. Provide vulnerability reports to application team, and be a subject matter expert on remediation. Develop rules to identify non-compliant resources in our cloud environments and create automations to remediate the non-compliant resources.

Quals--
Bachelors degree in Information Security, Information Technology or Computer Science. Must have experience with Qualys/Tenable(or equivalent vulnerability management tool), Forescout/Armis (or equivalent IoT/OT tool). Bachelors degree in Information Security, Information Technology or Computer Science. 3+ years of cyber security experience specifically working in Vulnerability Management. Experience with automated vulnerability scanners like Nessus, Qualys or Rapid7 Knowledge of vulnerability management, policy compliance, and web application scanning solutions. Working knowledge of cloud environments such as AWS, GCP, and Azure. Basic understanding of regulatory structures such as PCI, PII, and GDPR. Creative and adaptive work ethic, with a strong customer-oriented attitude. Development experience with one of the following programming languages. o Python o Node.JS o Java Scripting experience with Bash or PowerShell Ability to clearly communicate and present to various levels of the organization Strong organizational and analytical skills with attention to detail Independent and self-motivated and very thorough worker Experience building and securing Infrastructure as Code (IaC) using CloudFormation, ARM, Ansible, SAM and/or similar tools


All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. NLB is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, contact HR department by sending an e-mail to notifications@nlbservices.com.