Previous Job
VP, Regional Head, Vulnerability Management
Ref No.: 17-15155
Location: Jacksonville, Florida
Position Type:Direct Placement
Start Date: 11/09/2017
Pay Rate : $ 127,000.00 - 136,000.00 /Hour
Alluvion Staffing is seeking a VP, Regional Head, Vulnerability Management

Roles and Responsibilities overview:
  • Lead, develop, deploy and oversee the entire Vulnerability Management Team including methodologies to support the development of secure code, testing, and implementation.
  • Must have experience working with Global teams
  • Stay current on the latest security threats and vulnerabilities and educate staff to take informed proactive actions to the enterprise environment and collaborate with enterprise architecture teams to evaluate new or improved technologies with regard to replacing or upgrading existing System Security infrastructure.
  • Develop an operational roadmap for the sustained success of the team - includes measuring the team's performance against Service Level Objectives (SLOs) and continuous improvement for their team.
  • Participate in infrastructure and security incident management processes to derive root cause and after action reports.
  • Strong technical leadership working with vulnerability and configuration assessment tools such as network vulnerability scanning tools, dynamic, and static code scanning tools.
  • The candidate will be required to perform and evaluate scans across the production estate using vulnerability management tools, custom scripts and present reports based on findings to both technical and non-technical teams.
  • The candidate will be required to provide operational scanning in the event of incidents to assist local security operations team.
  • Understanding of application vulnerabilities and be able to demonstrate with evidence exploits possible and work with application owners to remediate.
  • Maintaining scanning infrastructure, knowledge of Unix and Microsoft OS
  • Work with external vendors to review and validate vulnerability reports. Confirm and test for findings and determine root cause for remediation.
  • Discovery, Investigation and assistance in remediation of PKI certificates used on internally and externally facing servers.
  • Develop documentation and process for tracking vulnerabilities and issues.
Position Description: 
This is an operational position and support to the organization can range from 7am – 7pm, Monday to Friday and will ensure the as an accurate, threat driven, and timely understanding of the vulnerabilities that exist within the enterprise. 
Ensure that all vulnerabilities are reported and understood by the various stakeholders. This includes looking across not only the operational enterprise, but to infuse Vulnerability identification into the development of new capabilities by providing self-service functions that can be utilized across the technology groups. 
The position calls for a strategic individual who understands business operations, information technology and security and will utilize that knowledge to assist with the implementation of an effective security campaign that ensures the overall security position of the company is aligned with business needs and the evolving threat landscape. Cyber Threat Operations, Malware Analysis, Security Monitoring, Incident Response, Forensics and Vulnerability Management provides global services from key locations.

Technical Experience:
  • 10+ years of experience working in an information security or IT operations related field in an enterprise environment with experience in comprehensive vulnerability management programs
  • 5+ years of experience in a managerial role within IT security or IT operations.
  • Experience utilizing two or more open-source and enterprise vulnerability assessment tools such as Qualys, Foundstone, Rapid7, Whitehat, WebInspect, Veracode, Fortify, MetaSploit, Nessus.
  • Knowledge of at least one Unix variant and at least one Windows version (able to install, administer and use the operating systems).
  • Knowledge of IP Networking, network hardware, basic networking tools, common TCP protocols and common TCP and UDP services.
  • Understanding of at least one Scripting languages: Ruby, Python or Perl, and programming techniques.
  • Must be proficient in the following tools nMap, Nessus Enterprise /Security Manager, Rapid 7, Burp Suite or similar.
  • Proficient in the use of Splunk.
Non-Technical Experience:
  • Previous experience managing and collaboration with a global staff.
  • Proven leadership skills including: effective oral and written communication, performance management, issue resolution, negotiation, motivating others, forecasting, and planning.
  • Self-motivated with ability to work with minimal supervision.
Education and Certifications:

Degree from a four-year university or major course work in computer science, networking, engineering or other computer-related field of study.
Desired Certifications:
  • One of the following certifications: CISSP, GXPN, GWAPT, OSCP.