Product Incident Manager

AYR Global IT Solutions is a national staffing firm focused on cloud, cyber security, web application services, ERP, and BI implementations by providing proven and experienced consultants to our clients. Our competitive, transparent pricing model and industry experience make us a top choice of Global System Integrators and enterprise customers with federal and commercial projects supported nationwide.

Job Title: Product Incident Manager
Location: Philadelphia, PA
Duration: 12+Months

Summary
The Product Security Incident Manager serves as a product security incident responder for reported product vulnerabilities that relate to Clients products. This role will entail managing the lifecyle of externally reported security product vulnerabilities and ensuring that appropriate internal stakeholders are engaged to resolve the reported vulnerabilities. This position will entail managing the queue of reported vulnerabilities, issuing corresponding responses to external reporters, coordinating efforts with internal technical teams to make them aware and hold teams accountable for prompt resolution to issues. This role will interface heavily with Corporate Communications and Legal teams to ensure responses to external parties are appropriate and prompt.

Skill and Abilities
Experience with vulnerability management
Experience with incident response methodology in investigations and the groups behind targeted attacks and tactics, techniques, and procedures (TTPs)
Knowledge of systems administration (*nix/Windows), network engineering, and security engineering
Must be comfortable at the command line of a UNIX-like OS
Intermediate level understanding of cloud/vm, automation, and devops technology
Ability to use tools to process large text files
Knowledge of product development lifecycles
Familiarity with responsible disclosure practices
Ability to work with other technical security and development teams to remediate vulnerabilities
Experience with penetration testing and/or systems auditing
Knowledge of OWASP top 10, referring to NVD/CVE, CVSS Scoring
Intermediate level understanding of validation tools and methodologies (port scanners, etc).
Intermediate level understanding of common vulnerabilities in large/agile environments.
Experience with software development methodologies and the software used within large/agile environments
Project Management experience or PMP certification
Knowledge of networking concepts and analysis tools and operating systems, software, and security controls
Ability to perform independent research and report on findings
Ability to be a self-starter, quick learner, and detail oriented
Ability to perform analysis with strict attention to detail and display solution orientation to learn and adapt quickly
Possession of excellent oral and written communication skills, including communicating effectively under normal and stressful situations

If anyone might be interest, please share your resume at smalik(at)ayrglobal(dot)com or you can directly contact me at 630-444-7490