This position supports the information security function by providing oversight, coordination, and delivery of systems supporting compliance and assurance activities as well as operational functions essential to maintaining our cybersecurity posture. As a member of PPDCC you will focus on all finding types that carry a Required Resolution Date (RRD).
In your first year, your focus will be vulnerability management: from maintenance of Qualys scans to interpretation and sequencing of findings, management of Application Technical Contacts (ATC), execution of patching and configuration changes, and compliance management – i.e., ensuring that findings are remediated or accepted prior to the initial RRD.
As you demonstrate mastery of the above, you will be expected to improve the efficiency of the system (i.e., the people, process, and technology) used to manage findings with RRDs. This will include business and system architecture, process documentation and maintenance, and innovation (e.g., education of stakeholders, automation of process, product management, introduction of new technologies, etc.) designed to improve consistency at scale or to remove work from ATCs that can be done within the RRD Administration team.
This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.
Basic Qualifications
2+ years of relevant work experience and a Bachelor's degree, OR 5+ years of relevant work experience
Preferred Qualifications
3 or more years of work experience with a Bachelor's degree, or more than 2 years of work experience with an advanced degree (e.g., Master's, MBA, JD, MD)
2-3 years of end-to-end vulnerability management experience, including provision of vulnerability scanners, agent provision and maintenance, interpretation of findings, ranking of findings outside of VVMS scores, option assessment, management of superseded patches, false positives, reassignment of findings, remediation actions (i.e., patching), confirmation (i.e., re-scanning to confirm remediation), and management of remediation to a standard. Qualys experience is preferred but not required.
Familiarity with MS Excel, PowerPoint, Word, and SharePoint
Ability to work independently, translate broad directives into detailed plans, solve problems independently, and collaborate and communicate to ensure alignment with the objectives and the progress of work to completion.
Excellent verbal and written communication skills
Familiarity with common controls frameworks including OWASP, SANS Top 20 Security Controls, and NIST 800-171
One year of experience in automation, tool development, or scripting with Python or JavaScript
Familiarity with assurance standards such as ISO 27001, PCI-DSS, SSAE 16, SOC, etc.
Security+, CySA+, or the equivalent certification from another credible institution
Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.