Vulnerability Management Engineer

Nelnet is a diversified and innovative company committed to enriching lives through the power of service as a student loan servicer, professional services company, consumer loan originator and servicer, payments processor, renewable energy solutions, and K-12 and higher education expert. For over 40 years, Nelnet has been serving its customers, associates, and communities.

The perks of working at Nelnet go beyond our benefits package. When you join the Nelnet team, you're part of a community invested in the success of each individual. That support comes through in our work, as we are united by our mission of creating opportunities for people where they live, learn, and work.

Nelnet Cyber Security Group (CSG) is looking for an experienced and skilled individual to join the Vulnerability Operations (VO) team. Nelnet’s Vulnerability Operations team is responsible for managing the attack surface and collaboration with various business units to assess risk by identifying vulnerabilities and threats to our organization and working to drive remediation of identified security risks. The Vulnerability Operations team sits with in the larger Nelnet Cyber Security Group and works closely with the Nelnet Security Operations Center (SOC) and Offensive Operations team. Join Nelnet to lead and improve our efforts to identify, understand, and reduce the attack surface of Nelnet while helping our business units achieve the Nelnet core values for our customers, employees and communities we serve.

This position requires work in support of the Company’s contract with the United States Department of Education (“ED”). As such, the United States Government requires that any applicant for this position must complete United States Government security clearance. Effective June 1, 2018, ED has informed Nelnet that security clearance applications for foreign nationals are not being accepted or processed. In light of this direction from ED, Nelnet will be unable to hire applicants without United States citizenship for such positions.

JOB RESPONSIBILITIES:

• •    Lead the design, development, and continuous improvement of the organization’s vulnerability management strategy, aligning with business objectives and security requirements.
  •    Stay up to date on emerging security threats and vulnerabilities, and ensure the program adapts accordingly.
  •    Oversee the configuration and maintenance of vulnerability scanning tools.
  •    Analyze vulnerability data to assess risk and recommend appropriate mitigation strategies.
  •    Develop and implement vulnerability remediation plans, working collaboratively with all technology teams and the business.
  •    Collaborate with cross-functional teams to assess vulnerability risks, prioritize remediation efforts, and ensure timely resolution of critical vulnerabilities to minimize security risks and operational impact.
  •    Knowledge of CIS benchmarks, DISA STIGs, NSA Hardening Guides, and other industry security frameworks.
  •    Demonstrated passion for continuous learning.

EDUCATION: 

Bachelor’s degree in cyber security or information systems OR relevant work experience.

Cyber Security related certifications such as GIAC GSEC, GCED, GEVA, CompTIA Security+ , CySA+, ISC2 CISSP are a plus.

EXPERIENCE: 

•    2+ years of experience in vulnerability management and/or security operations.
•    Experience with Vulnerability management solutions (Rapid 7, Qualys, Tenable, etc.)
•    Experience with patching tools like Microsoft MECM.
•    Experience with EDR administration (Microsoft Windows Defender, CrowdStrike Falcon, VMware Carbon Black, Palo Alto Network Cortex XDR, Tanium etc.)
•    Solid understanding of cloud-based hosting platforms, with background on security threats deriving from Azure, AWS and GCP hosted services being preferred.
•    Partner with the SOC, Cyber Threat Intel, Offensive Security Team, and other stakeholders to refine prioritization, to validate impact of suspected vulnerabilities, to advise owners on mitigation strategies or compensating controls, and to provide accurate & timely reporting that informs remediation progress.

•    Knowledge of python programming language is required.

Pay range for this role is $75,000-$125,000 annually, depending on experience.

#LI-CW1

#LI-Remote

Our benefits package includes medical, dental, vision, HSA and FSA, generous earned time off, 401K/student loan repayment, life insurance & AD&D insurance, employee assistance program, employee stock purchase program, tuition reimbursement, performance-based incentive pay, short- and long-term disability, and a robust wellness program. Click here to learn more about our benefits: LINK.

Nelnet is an Equal Opportunity Employer, complies with Executive Order 11246, and takes affirmative action to ensure that qualified applicants are employed, and that employees are treated during employment, without regard to race, color, religion/creed, national origin, gender, or sex, marital status, age, disability, use of a guide dog or service animal, sexual orientation, military/veteran status, or any other status protected by Federal or State law or local ordinance.  

Qualified individuals with disabilities who require reasonable accommodations in order to apply or compete for positions at Nelnet may request such accommodations by contacting Corporate Recruiting at 402-486-5725 or corporaterecruiting@nelnet.net.

Nelnet is a Drug Free and Tobacco Free Workplace.