Senior Vulnerability Assessment

What you will do

• Review recurring assessments for enterprise assets, report on discovered vulnerabilities, and guide customers’ mitigation strategies, tracking remediation against service objectives
• Perform research and analysis of vulnerability assessments; contextualize and prioritize results so as to guide customers’ remediation efforts
• Utilize threat-based, intelligence-led approach for Vulnerability Management and remediation to reduce customers’ cyber-risk
• Assist in the development of risk-based remediation plans with proposed solutions for identified vulnerabilities
• Understand how business functions operate and how industry trends impact a customers’ business objectives
• Deliver key messages with clarity, confidence, and poise to instill confidence in clients
• Develop impactful reports and presentations that support the achievement of engagement goals and objectives
• Build and nurture positive working relationships with customers with the intention to exceed client expectations
• Collaborate with stakeholders to prioritize vulnerability remediation and address potential attack vectors
• Stay informed about the threat landscape to maintin current knowledge of vulnerabilities and adapt security measures accordingly
• Collaborate with cross-functional teams to design and implement advanced vulnerability and managed risk dashboards
• Liaise with customer compliance teams to understand unique compliance requirements of Sophos Managed Risk customers
• Engage in continuous, self-driven learning to stay current on trends, strategies, and technologies in the Vulnerability Management space
• Introduce and evolve practices, templates, policies, tools, and partnerships to expand and mature service offering capabilities
• Identify opportunities for efficiencies in process and innovative approaches to completing scope of work
• Maintain strong working relationships and credibility amongst groups within the Sophos Managed Services organization

What you will bring

• Bachelors in Information Technology, Computer Science or a related field; or relevant commensurate work experience
• Exceptional writing, documentation, and presentation skills to effectively communicate findings to customers/stakeholders
• 5-8 years of experience in conducting vulnerability assessments, attack surface management preferably in both IT and OT (Operational Technology) environments
• Must be able to thrive within a team environment as well as on an individual basis
• Advanced understanding of risk analytics/modeling and vulnerability assessment
• Proficient in utilizing vulnerability scanning tools, e.g., Tenable
• In-depth understanding of vulnerability classification and scoring methodologies (CVSS, CVE, CWE, NVD), as well as exploitability likelihood models such as EPSS, CISA KEV, Tenable VPR
• Familiarity with compliance frameworks including, but not limited to: ISO27001, SOC2, SOX, GDPR, HIPPA, PCI-DSS, and State/FedRAMP
• Knowledgeable about cybersecurity best practices and frameworks, including SANS Top 20 Critical Security Controls, NIST Cybersecurity Framework, MITRE ATT&CK Framework, CIS Controls, and OWASP Top 10
• Ability to prioritize impactful vulnerabilities and minimize noise often associated with vulnerability tools
• Understanding of network-based, system-level, cloud, and application-layer attacks and their mitigation methods
• Foster a culture of continuous learning by organizing knowledge-sharing sessions and workshops, while acting as mentor to junior team members by providing guidance on best practices, industry insights and professional development thereby equipping them with the skills needed to excel in their roles
• Skilled in managing time independently while juggling multiple projects concurrently in a fast-paced environment
• Superior customer service skills