Threat & Vulnerability Management Consultant

Description :

We are seeking a skilled Cloud Vulnerability Management Operator to join our dynamic team. As an Cloud Vulnerability Management Operator, you will be responsible for identifying, assessing, and mitigating vulnerabilities across our multi-cloud environments. You will leverage native cloud tooling and services to ensure the security and integrity of our cloud infrastructure.

What you will do:

• Work under the supervision and direction of the Threat and Vulnerability Operations Manager (TVM) and other senior members of the Security Operations team
• Develop strong working relationships with support teams, management, and cross-functional working groups
• Provide guidance to junior-level staffing where appropriate
• You would be responsible for reducing the Security risks in the cloud infrastructure environment
• Curate and ensure metrics and reporting are shared with leadership and key stakeholders, time to triage, time to respond
• Configure and maintain Cloud Posture Management tooling (CSPM) and provide guidance on secure infrastructure best practices
• Provide expertise within the Threat and Vulnerability Management program which includes Cloud Security Posture Management (CSPM)
• Develop technical security controls and secure configuration baselines for public cloud resources in AWS, Azure, and GCP
• Responsible for identifying, assessing, and mitigating vulnerabilities within a multi-cloud infrastructure
• Implement and leverage native cloud services to ensure the security and integrity of the multi-cloud infrastructure (e.g., AWS Inspector, GCP SCCP, Azure Defender)
• Ensure the regular scanning of instances and images to identify and assess vulnerabilities
• Assist with the tracking of the Infrastructure Bill of Materials (IBOM) to maintain an up-to-date inventory of all components and their security status
• Collaborate with development and operations teams to integrate security best practices into the CI/CD pipeline as it relates to posture management
• Review and ensure cloud infrastructure assets follow traditional CIS benchmarking standards and complete all required scanning (e.g., image scanning, VM, container, etc.)
• Create and maintain remediation tickets across our multi-cloud environment
• Proactively document and communicate deviations from standard baselines
• Fundamentals, Network/Endpoint Security, Cybersecurity Risk & Compliance, or Information Technology
• Strong organizational, interpersonal, and presentation skills
• Excellent written and oral communication skills
• Ability to multi-task and handle multiple projects at the same time
• Exceptional problem-solving, critical thinking, and analytical skills

Desired Skills:

• 5-10+ years of Cloud Security experience
• Experience in Cloud Vulnerability management, configuration, and validation using various tools across multi-cloud environments
• Subject matter specialist or expert knowledge in AWS Inspector for Cloud, GCPs SCCP
• Cloud-related certification in either AWS or GCP
• Azure certification desired
• Awareness of metrics and reporting structure including experience with metrics curation tools (e.g., PowerBi)
• Proficiency using both the AWS Management Console and the AWS Command Line Interface (CLI)
• Proficiency in using both the GCP SCCP and the GCloud CLI commands
• Experience leading teams without a management role
• Possess at least five years of Linux and/or Windows System Administration knowledge
• Experience with vulnerability scanning tools and reporting
• Experience with vulnerability management scoring methodologies
• Knowledge of Cloud Posture Management tooling
• Knowledge of OWASP Top 10
• Experience with the threat intelligence lifecycle
• Experience with application security frameworks