Principal Engineer -Vulnerability & Security

Position: Vulnerability and Security Compliance Lead

Job Summary: We are seeking an experienced Vulnerability and Security Compliance Lead to join our team. The ideal candidate will be responsible for leading efforts to identify, assess, and remediate vulnerabilities across our IT infrastructure while ensuring compliance with relevant security standards and regulations. You will work closely with cross-functional teams to develop and implement security policies, procedures, and best practices that protect our organization from threats.

Key Responsibilities:

Vulnerability Management:

• Lead the vulnerability management program, including vulnerability scanning, assessment, and remediation processes.
• Coordinate with IT and engineering teams to prioritize and address identified vulnerabilities based on risk impact.

Security Compliance:

• Ensure compliance with industry standards and regulations (e.g., ISO 27001, NIST, PCI-DSS, HIPAA) by developing and maintaining security policies, procedures, and documentation.
• Conduct regular compliance assessments and audits to identify gaps and recommend corrective actions.

Risk Assessment:

• Perform risk assessments to identify potential threats and vulnerabilities to the organization's information assets.
• Develop and implement risk mitigation strategies and controls to reduce exposure to security threats.

Security Policies and Procedures:

• Develop, review, and update security policies, procedures, and guidelines to align with best practices and regulatory requirements.
• Communicate security policies and compliance requirements to employees and stakeholders to promote awareness and adherence.

Incident Response:

• Lead incident response efforts related to security breaches or vulnerabilities, ensuring timely identification, containment, and remediation.
• Conduct post-incident reviews to assess the effectiveness of response actions and implement improvements.

Collaboration and Training:

• Collaborate with IT, legal, and other departments to ensure alignment on security compliance initiatives.
• Provide training and awareness programs to employees on security best practices, compliance requirements, and vulnerability management.

Continuous Improvement:

• Stay current with the latest security trends, threats, and compliance requirements, evaluating their impact on the organization.
• Recommend and implement improvements to security controls and processes based on emerging threats and vulnerabilities.

Qualifications:

• Educational Background:
  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Experience:
  • 5+ years of experience in information security, vulnerability management, or compliance roles.
  • Proven experience leading vulnerability assessments and compliance audits in a corporate environment.
• Technical Skills:
  • Strong knowledge of security frameworks (e.g., NIST, ISO 27001), vulnerability management tools (e.g., Qualys, Nessus), and security compliance regulations.
  • Familiarity with security technologies such as firewalls, intrusion detection/prevention systems, and endpoint security solutions.
• Certifications:
  • Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), or equivalent are desirable.

Preferred Skills:

• Experience with security incident response and threat intelligence.
• Knowledge of risk management methodologies and practices.
• Familiarity with cloud security practices and compliance frameworks.