Senior Threat Vulnerability Management Engineer

About Commvault 

Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience. The company empowers customers to uncover, take action, and rapidly recover from cyberattacks – keeping data safe and businesses resilient. The company’s unique AI-powered platform combines best-in-class data protection, exceptional data security, advanced data intelligence, and lightning-fast recovery across any workload or cloud at the lowest TCO. For over 25 years, more than 100,000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks, improve governance, and do more with data. 

JOB DESCRIPTION:

What you’ll do… 

• Work with both on-prem and public cloud assets and assess the technology stack from the operating system through to the code and application stack. 
• Make major contributions to shaping both the technical and process aspects of the TVM lifecycle. 
• Configure and operate TVM scanning platforms; analyze and triage scan results; and work with internal partners and stakeholders to drive remediation of detected vulnerabilities.
• Collect and oversee Application Security test processes executed by distributed development teams.
• Define, organize, and execute penetration test efforts to assess targeted Commvault services, and information assets.
• Establish & operate KPI/KRI metrics, and data trends analysis in support of management decisions.
• Develop and drive cybersecurity initiatives related to threat & vulnerability management with adherent to ‘continuous monitoring’ and ‘continuous improvement’ thought process.

Responsibilities include but are not limited to the following:

• Day-to-Day Operation of Infrastructure Scan/Analyze/Triage/Remediate Process
  • Configure and operate TVM scanning platform.
  • Analyze & Triage scan results.
  • Prepare Scan metrics and reporting.
  • Work with internal stakeholders to remediate detected vulnerabilities.
  • Plan and execute focused TVM campaigns as needed.
  • Good knowledge on integration of scanning tools with other tools using connectors and any centralized vulnerability management tools (such as Keena, Vulcan) is preferable.
     
• Penetration Test Planning, Coordination & Execution
  • May be required to directly conduct penetration tests against selected Commvault services and information assets.
  • May be required to plan, direct, and coordinate 3rd party penetration test teams.
     
• Application Security Testing Management & Coordination
  • Monitor SAST, DAST, and Penetration tests executed by DevSecOps personnel on distributed development teams.
  • Act as SME to development teams if they require assistance interpreting and remediating results.
  • Collate, Merge, and Analyze AppSec/Secure SDLC scan results for trends and management reporting.
     
• Reporting & Data Analysis
  • Establish and maintain KPI’s and KRI’s for the TVM Program and its Components.
  • Analyze collected scan data for latent patterns around technical vulnerabilities, or process deficiencies.
     
• Threat Picture & Industry Knowledge
  • Cyber Threat Intelligence (CTI) knowledge.
  • Maintain current awareness of security trends, emerging threats, and recent zero-day exploits.
  • Apply such knowledge to Commvault’s Vulnerability picture, alerting management to specific escalated risks directly applicable to Commvault.

Who you are...

Education

• BA/BS Degree or equivalent work experience.
• Security Certifications—CISSP, OSCP, other penetration test certifications.
• Cloud Certifications—Azure preferred.

Experience

• 10+ years in information security area.
• 5+ years in a technical role with hands-on technology, either on the IT side, or in Security.
• Direct experience with Active Directory, Windows, and Linux.
• Experience with one of the major public cloud providers.
• Solid knowledge of Network protocols and workings.
• Direct hands-on penetration test experience.
   

Soft Skills

• Leadership—the ability to “lead up” by influencing senior members of the team.
• Self-Starting & Self-Directing—ability and drive to see what needs to be done, and craft a solution.
• Communications--Ability to work with all levels of stakeholders, from low level apprentices to senior management.
• Communications--Ability to communicate complex situations to audiences at the appropriate level of detail.
• Project Management & Coordination of cross functional/cross-departmental teams.
   

Process & Workflow Design

• Ability to author SOPs and processes.
   

Data Handling & Analysis Skills

• Ability to merge data from different sources for cross-source analysis.
• Ability to query standard relational databases (SQL).
• Ability to produce summary data analysis to drive KPI’s, KRI’s, trend analysis and to support management decisions.
   

Technical Skills

• Ability to configure scans and scan automation on one or more industry standard scanning platforms— (Tenable, Nessus, Qualys, etc).
• Penetration test skills (Kali Linux, Burp Suite, etc).
• Utility Scripting or light programming—as needed to automate and integrate toolsets.

Meet the Hiring Manager: 

Mike Dennin, Director, Information Security

You’ll love working here because: 

• Continuous professional development, product training and career pathing

• An inclusive company culture, opportunity to join our Community Guilds

• Generous Global Benefits

• Employee Stock Purchase Plan

Ready to #makeyourmark at Commvault? Apply now! 

#LI-JS1

#LI-Remote

Thank you for your interest in Commvault. Total compensation for this role is market competitive, and within the below base salary range:

We’re proud to offer competitive benefits that care for you and your family through our 401K plan, health benefits (including medical, dental, and vision available for families and domestic partners), and pet insurance for your furry family members. You can also find the details of our U.S. benefits by visiting benefits.commvault.com.

Commvault is an equal opportunity workplace and is an affirmative action employer. We are always committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status and we will not discriminate against on the basis of such characteristics or any other status protected by the laws or regulations in the locations where we work.

Commvault’s goal is to make interviewing inclusive and accessible to all candidates and employees. If you have a disability or special need that requires accommodation to participate in the interview process or apply for a position at Commvault, please email accommodations@commvault.com For any inquiries not related to an accommodation please reach out to wwrecruitingteam@commvault.com.

For our Candidates to prioritize your security: 

Commvault has been made aware of email and/or text correspondence scams that falsely state that the senders are from the Commvault HR team and/or a member of our leadership team. The scammers even conduct false interviews via email or text and then request personal information (name, address, birthdate, social security number, etc.) when returning the signed offer letter. Please note that Commvault does not conduct interviews by email or text, and we will never ask you to submit a W4 via email or prior to your first day of employment. 

If you think you have been targeted in this recruiting scam, please reach out to us at wwrecruitingteam@commvault.com. You can also find more tips about job scams and how to avoid them on the FTC’s website.