Descripción del puesto

Key Responsibilities: 

Working in conjunction with application, platform, and product development teams, regularly review, analyze, and manage vulnerability assessment results to identify potential security weaknesses in cloud infrastructure and applications.

Collaborate with cross-functional teams to prioritize and categorize vulnerabilities based on severity, potential impact, and likelihood of exploitation.

Analyze security findings from various sources, such as security tools, penetration tests, to identify trends and patterns.

Manage and drive vulnerability tracking and timelines for remediation.

Work closely with DevSecOps, IT and platform teams to ensure timely patching, configuration changes, and updates to address identified vulnerabilities.

Stay up to date with the latest security threats, vulnerabilities, and mitigation strategies in cloud technologies, and translate this knowledge into actionable insights.

Collaborate with third-party vendors, Experian cyber fusion team, and internal stakeholders to address vulnerabilities and verify successful remediation.

Provide regular reports and updates to management regarding the organization's vulnerability posture, ongoing remediation efforts, and improvements made to the vulnerability management program.

Manage and track completion of security training and awareness programs for business unit.

Assist with tracking and remediating control gaps.

Drive efforts to ensure consistency of controls across the business unit.

Build relationships with key stakeholders across the organization to track and manage risk. 

Mentor teammates on processes, best practices, prioritization, and issue resolution as per Experian policies, standards, and technical service baselines.

Flexibility to be a utility player where needed as this business evolves.

Other duties as requested.

Requisitos

Qualifications

Bachelor's degree in computer science, information technology, cybersecurity, or a related field or demonstrated equivalent experience.

Have or willingness to achieve industry-recognized certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), and Certified Cloud Security Professional (CCSP).

Knowledge of major cloud platforms such as AWS, Azure, including experience with cloud security services and configuration management.

Some experience using scripting languages (e.g., Python, Bash) with a focus on automating security controls.

Familiarity with container security best practices, orchestration platforms (e.g., Kubernetes), container runtime security, and related tools (e.g., container scanning tools).

Some experience or familiarity with vulnerability scanning and assessment tools for cloud, containers, and big data systems, and the ability to interpret and prioritize the results.

Understanding of security principles, best practices, and common vulnerabilities in cloud environments, big data systems, and container technologies (e.g., Kubernetes, Docker)

Understanding of basic security testing methods and technologies, including penetration testing, web application security assessments, vulnerability assessments, etc.

Understanding of security monitoring tools, intrusion detection systems, and the ability to analyze logs to detect and respond to security incidents.

Skills to assess and prioritize vulnerabilities based on risk factors, business impact, and industry standards.

Strong analytical and problem-solving skills to identify root causes of vulnerabilities and work collaboratively with teams to remediate them.

Effective communication skills, both written and verbal, to interact with technical and non-technical stakeholders, present findings, and provide security recommendations.

The ability to stay current with evolving cloud, big data, and container security trends, and adapt to new technologies and emerging threats.

Agile project management skills to manage vulnerability assessments, remediation efforts, and ongoing security initiatives.

Collaborative attitude, willingness to work in cross-functional teams, and a commitment to a culture of security within the organization.

Beneficios

Law Benefits

Courses and Certifications

100% Remote