MINDBODY is looking to hire a talented, self-directed individual to join our NOC team as a Vulnerability Remediation Engineer. The candidate will be responsible for analyzing previously-identified vulnerabilities, then prioritizing and implementing remediations in order to continually improve security. Vulnerabilities are from various environments and identified by equally various tools, teams, and methodologies.
The engineer will work with development and QA teams covering diverse technologies and applications to verify that the changes do not impact the functionality of their application. It is critical that this individual apply and follow a process-driven approach, but equally important that they must be able to interact with multiple levels of leadership and build positive, collaborative working relationships. The position will require working with varied backgrounds, both technical and non-technical, and they will be interacting with broad scopes of work and technical standards that will require explanation of how their proposed remediations and their environments will interact.
Success will require a broad technical knowledge that will enable the selected candidate to understand vulnerabilities, their exposure techniques and compensating controls across the full stack of technologies. The ability to communicate clearly and directly using both verbal and written communication is required. The candidate should be able to translate and explain technical concepts from one tech discipline (e.g. networking, virtualization, cloud resources) into other tech disciplines. This role reports to our Sr. Manager, Enterprise Operation Center.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
- Review vulnerabilities discovered by internal and external tools, penetration testing, and other sources
- Analyze vulnerabilities and propose resolutions to various IT operations, security, and risk teams
- Plan, manage, and execute projects to remediate vulnerabilities as necessary
- Create/update documentation to reflect procedures to prevent or remediate vulnerabilities as detected and resolved
- Respond to requests from internal and external compliance, risk, and security teams
- Review existing processes and recommend changes or institute new processes as necessary, including the areas of creating/deploying new resources, programs, etc.
- Report progress on ongoing/long-term vulnerability resolutions and related projects to various levels of technical and non-technical stakeholders
- Communicate requests to IT security and risk teams, with evidence of false positives or requirements of exceptions
- Monitor ongoing status/percentage of remediation and advise on trends, forecasts, and make recommendations to address
- Ensure adherence to standards, policies, and procedures. This includes maintaining compliance standards within our defined scope for all vulnerabilities
- All other duties as assigned
- Bachelor's degree in Computer Science or related technical field, or equivalent practical experience. or equivalent practical experience.
- 2-4 years’ experience in a systems administration role (preferably Windows) or equivalent
- 1-2 years’ exposure to administering/engineering Linux servers
- 2-3 years’ experience with Active Directory and constituent services (DNS, Group Policy, AD LDS, etc.)
- Expertise in problem solving and analyzing global scale distributed systems.
- Familiar with Agile methodology
- Strong sense of ownership and teamwork across various technical disciplines
- Strong written and verbal communication skills
- Positive and professional attitude, with strong attention to detail
NICE TO HAVE:
- 1-2 years exposure to AWS and Azure PaaS/IaaS and related resources
- MCSA in Windows Server, MCSE: Server Infrastructure, or Microsoft Certified: Azure Administrator Associate certification
- CEH, ITIL, or other IT risk management/compliance certifications
- Experience in compliance and other IT remediation projects
- Experience with WSUS, SCCM, Ansible, or other patch management/software deployment systems.