Senior Manager, Cybersecurity

Job Description:

Position Description:

Identifies and remediates vulnerabilities in software applications and infrastructure. Develops, documents, and operationalizes technical procedures necessary to respond to externally-sourced security reports. Targets known application and network security vulnerabilities using methods - vulnerability assessments, penetration testing, red teaming, incident response, and security engineering. Researches and reproduces security vulnerabilities reported. Develops timely remediation plans to security threats in collaboration with technical leadership across the business.

Primary Responsibilities:

• Collaborates with security researchers and application teams to ensure validation, prioritization, and remediation of vulnerabilities.
• Researches and reproduces security vulnerabilities, proposes risk mitigation strategies, and ensures appropriate security controls to safeguard digital files and electronic infrastructure.
• Supports proactive technical assessments and applications.
• Provides assistance and support to developers for remediating and re-validating vulnerabilities until closure.
• Conducts targeted vulnerability training sessions for team members to enhance knowledge and understanding of specific vulnerabilities.
• Communicates cybersecurity program results and trend analyses to stakeholders on a regular cadence.
• Ensures continuous improvement of overall enterprise cybersecurity.
• Plans, implements, upgrades, or monitors security measures for the protection of computer networks and information.

• Demonstrated Expertise ("DE") estimating risks on security flaws that are uncovered during static or dynamic analysis using NIST framework; conducting pen-testing on applications to uncover security exploits - XSS, XSRF, SQL, CSV Injection, XXE Processing, HTTP Request Smuggling, Broken Access Control, and Privilege escalation - using BurpSuite Enetrprise Edition, Fiddler, Kali Linux, and SQLMap; and conducting retests to determine mitigation measures implemented by the development teams, using retesting tools specific to the environment and application being tested.
• DE designing and implementing processes for receiving, assessing, and responding to externally-sourced security reports, using issue tracking system (JIRA), email communication, and vulnerability management platforms (HackerOne and Bugcrowd); conducting thorough assessments of reported vulnerabilities, determining their severity, and potential impact on the security posture, using security testing tools (BurpSuite, Qualys, and Kali Linux), CVSS calculator, and NIST framework; and coordinating and triaging reported vulnerabilities, working closely with technical teams to ensure timely remediation within SLA requirements.
• DE improving security assessment processes by performing root cause analysis on issues encountered and facilitating risk analysis - determining severity score for vulnerabilities - using CVSS score; analyzing Common Vulnerability Exposure (CVE) on third party libraries, using Veracode SCA, MEND, SourceClear, and NVD databases; performing application log file analysis to determine information disclosure; and coordinating vulnerability fixes with stakeholders using collaboration and communication tools (Microsoft Teams) and project management platforms (JIRA).
• DE performing in-depth analysis of internal environments, system, applications, and network infrastructure to identify similar vulnerabilities and potential areas of improvement, using application security testing tools (Burp Suite), vulnerability scanner (Qualys), and network scanning tools (Nmap); and conducting comprehensive false negative analysis to identify gaps and threats, using code review tools (Veracode SCA), penetration testing tools, and log analysis tools (Splunk).