Lead Cybersecurity Engineer (Vulnerability Scanning)

The core function of the Lead Information Security Engineer (Vulnerability Scanning) is to support the Cybersecurity Engineering Manager in achieving Vulnerability Management goals through the use of vulnerability scanning, assessment, reporting tools, and automation.  Assignments at this level require working closely with information asset owners and other members of the Enterprise Risk & Resiliency Cybersecurity team to identify and assess security vulnerabilities.  This position requires strong technical knowledge of operating system platforms, related applications, vulnerability assessment platforms, and scripting/automation.  The successful job candidate should stay informed of current events in the security industry, including the latest exploits and threats, as well as preventative measures.  Must clearly demonstrate above standard Cybersecurity and Vulnerability Management competence.

Strategy & Planning

• Participate in the planning and design of vulnerability assessment tools and capabilities, under the direction of the IT Security Manager, where appropriate.
• Participate in the creation and maintenance of enterprise security documents (policies, standards, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.
• Provide advanced technical expertise and direction regarding vulnerabilities and required remediation efforts to IT staff.
• Lead the evaluation and implementation of Vulnerability Scanning solutions.
• Develop security solutions that facilitate the company’s strategic business needs.
• Conduct research on emerging technologies in support of security efforts and recommend technologies that will increase the enterprise security posture.

Acquisition & Deployment

• Recommend security controls and systems to support business goals of the company.
• Implement security systems that have positive budgetary impact by aligning cost of security solutions with risk.
• Enhance the company’s information assets by contributing to its security, integrity, efficiency, availability, and accuracy.
• Work closely with Infrastructure and Engineering teams to plan, coordinate, and implement security measures to remediate vulnerabilities across the environment, including IT infrastructure, applications, and Industrial Control Systems.
• Maintain up-to-date detailed knowledge of the cybersecurity industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors, especially related to security vulnerabilities.

Operational Management

• Participate in the secure design, engineering, configuration, operation, and maintenance of Vulnerability Scanning platforms.
• Work in collaboration with infrastructure and support teams to review and remediate security-related vulnerabilities affecting a variety of Operating Systems platforms (Windows, Linux, macOS, iOS, etc.).
• Perform strategic analysis; apply advanced principles, theories, and concepts to resolution of problems.
• Establish and communicate design and architecture standards via mentoring, technical presentations, and white papers.
• Interact with all levels of employees and vendors, including executive management, technical personnel, and contractors.
• Maintain familiarity with industry security standards and baselines, such as CVE, CVSS, CIS, NIST, etc.
• Maintain operational configurations of all in-place security solutions as per the established baselines.
• Monitor in-place Vulnerability Scanning solutions for efficient and effective operations.
• Participate in investigations into potential security events, with a focus on security vulnerability exposure.
• Participate in vulnerability assessments and security audits.
• Provide on-call support for in-place Vulnerability Scanning solutions, as needed.
• Track daily work in project management software.

Incidental Functions

• Assist with Change Management preparations and implementations when needed, providing technical subject matter expertise in the Vulnerability Scanning area.
• Evaluate Vulnerability Scanning services and products; perform product proof of concept analysis.
• Lead the integration of Vulnerability Scanning solutions, with assistance from other members of the team.
• Provide security analysis and consultation services.
• Lead and attend meetings with Information Security and other IT groups regarding Vulnerability Scanning efforts.
• Assist with other projects as may be required to contribute to efficiency and effectiveness of the security program.
• Participate in hiring activities and fulfilling affirmative action obligations and ensuring compliance with the equal employment opportunity policy.
  
   

Formal Education & Certification

• Bachelor’s degree or foreign equivalent in related field or equivalent experience. 
• Preferred CISSP, GIAC, Qualys, or CompTIA Security+ certifications.

Knowledge & Experience

• 8+ years IT experience.
• 6+ years of experience with Server Operating Systems and/or Vulnerability Management technologies and associated management systems.
• 4+ years of experience assessing and remediating security vulnerabilities.
• 4+ years of experience with APIs, scripting, and automation.
• Understanding of common threats, penetration/intrusion techniques and attack vectors
• Experience identifying and implementing solutions to complex business problems.
• Understanding of CVSS, CVE, NIST, CIS and/or other standards and security frameworks.
• Demonstrated experience with common penetration testing and vulnerability assessment tools such as nmap, Wireshark, Qualys, Nessus, ServiceNow Vulnerability Response, and/or Metasploit. 
• Understanding of various server operating systems (Windows Server, Linux, macOS, iOS, and/or Android) with an emphasis on vulnerability assessment and/or security configuration/OS hardening.  
  • Experience in one or more of the following areas
    • Security and Information and Event Monitoring (SIEM) products such as Splunk, Sentinel, etc.
    • OS security configuration baselines and best practices (CIS, NIST, etc.).
    • OS patch management.
    • Data analysis using Microsoft Excel or other tools.
    • Experience presenting to various levels of the organization (technical, management, etc.).

Here, we believe there’s not one path to success, we believe in careers that grow with you. Whoever you are or wherever you come from in the world, there’s a place for you at Sherwin-Williams. We provide you with the opportunity to explore your curiosity and drive us forward. Sherwin-Williams values the unique talents and abilities from all backgrounds and characteristics. All qualified individuals are encouraged to apply, including individuals with disabilities and Protected Veterans. We’ll give you the space to share your strengths and we want you show us what you can do. You can innovate, grow and discover in a place where you can thrive and Let Your Colors Show!  At Sherwin-Williams, part of our mission is to help our employees and their families live healthier, save smarter and feel better. This starts with a wide range of world-class benefits designed for you. From retirement to health care, from total well-being to your daily commute—it matters to us. A general description of benefits offered can be found at http://www.myswbenefits.com/. Click on “Candidates” to view benefit offerings that you may be eligible for if you are hired as a Sherwin-Williams employee. Compensation decisions are dependent on the facts and circumstances of each position, which will impact where actual compensation may fall within the stated wage range. The wage range listed for this role takes into account the wide range of non-discriminatory factors considered in making compensation decisions including geographic location; skill sets; experience and training; licensure and certifications; and other business and organizational needs. The wage range, other compensation, and benefits information listed is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, with or without notice, subject to applicable law. Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable federal, state, and local laws including with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act where applicable. Sherwin-Williams is proud to be an Equal Employment Opportunity/Affirmative Action employer committed to an inclusive and diverse workplace. All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract. As a VEVRAA Federal Contractor, Sherwin-Williams requests state and local employment services delivery systems to provide priority referral of Protected Veterans. Please be aware, Sherwin-Williams recruiting team members will never request a candidate to provide a payment, ask for financial information, or sensitive personal information like national identification numbers, date of birth, or bank account numbers during the application process.