Senior/Lead IT Security Vulnerability Specialist
Bangalore (NXT) (Hybrid), India
At Mitel, you will have the opportunity to help businesses connect, collaborate and provide better experiences for our customers. You will deliver valuable contributions in creating business success within our global organization utilizing your unique attributes, skills and experience.
Please take a moment to look over this opportunity and if interested, feel free to send us your application. If this is not the right opportunity for you, you can also sign up for Job Alerts by creating an account. This will give you a profile that you can use for all future applications, and you will be notified whenever a new position that matches your criteria becomes available.
Overview:
Reporting to the Director of Enterprise Security, you will be responsible for identifying, assessing, and mitigating security vulnerabilities across the organization’s IT infrastructure. This role involves conducting regular security vulnerability assessments, analyzing the results, tracking them, and collaborating with cross-functional teams to address the findings or ensure adequate compensating controls are in place. The successful candidate will have hands-on IT Security skills and methodologies to identify risks, propose mitigation solutions, defenses and countermeasures, and actively participate in implementing them to protect Mitel operations.
Responsibilities:
Be an individual contributor and a great team player with a mindset to improve, secure and support the business
Co-ordinate and manage timely remediation of security vulnerabilities and attack surface findings across various technologies
Identify, resolve, and document any false positive findings from vulnerability assessment results, attack surface findings and other reported vulnerabilities
Perform weekly/monthly and ad-hoc vulnerability assessments for servers, user systems, network assets, public-facing assets and databases using Tenable (the available commercial tool) and open-source tools
Manage scan configurations and status, including asset grouping and authentication; update and manage scan templates; update scheduled scans and reports
Manage and troubleshoot vulnerability management and attack surface reduction tools
Perform or manage penetration testing and run exploit codes and tools for vulnerability validation
Review and assess environment for any missing critical assets
Track vulnerability remediation via ticketing system and perform validation by ad hoc scans
Coordinate with the core network, endpoint and server teams to discuss patches that have not been applied for a long time, the target patch level, and the CVEs covered by the corresponding patches
Be knowledgeable of the Common Vulnerability Scoring System (CVSS) vulnerability assessment method, operation concepts and corrective updates
Analyze data, systems and networks to identify gaps between security policy, IT controls and practice
Have good knowledge of web application vulnerabilities, assessment tools and methodologies
Prepare detailed and summary reports and vulnerability metrics for stakeholders, management and compliance reporting
Open support cases with the scanning tool vendor for appropriate support
Contribute to the development of IT Security standards, processes, procedures, and policies, and address exceptions to the vulnerability management policy and program
Assist in incident response process by providing expertise on vulnerabilities that may have been exploited during an incident
Support and enhance existing IT Security programs and controls to optimize security operations
Support Governance and Compliance work, including the ISO27001 certification program and other IT Security audit compliance activities
Requirements:
Bachelor's or specialized college degree in Information Management, Computer Science, System Engineering or another related IT program with 5+ years of applicable experience
Have a minimum of 3 years of hands-on experience working with the above-mentioned vulnerability tools and 5 to 8 years of experience in the information security domain
Experience with penetration testing tools and testing and executing exploit code
Professional designation such as CISSP, CISM, SANS GIAC (Global Information Assurance Certification) or equivalent
Strong interpersonal skills, including the ability to influence others and establish credibility with key stakeholders
Excellent oral and written communication skills
Ability to work with small teams to achieve goals and meet deadlines in a fast-paced environment
Can work independently with minimal supervision and direction
For more information, visit Why Mitel or follow us on LinkedIn here.
Mitel is committed to achieving workforce diversity and creating an inclusive working environment. Diversity makes sense for us, for our customers and for our future. We value different perspectives, skills and experiences, and welcome applications from all sections of the community.