Commvault · 18 hours ago
Senior Threat Vulnerability Management Engineer
MA
Full-time
Remote
Senior Level, Lead/Staff
$68K/yr - $196K/yr
10+ years exp
Maximize your interview chancesData ManagementManagement Information Systems
Insider Connection @Commvault
Get 3x more responses when you reach out via email instead of LinkedIn.
Responsibilities
Work with both on-prem and public cloud assets and assess the technology stack from the operating system through to the code and application stack.
Make major contributions to shaping both the technical and process aspects of the TVM lifecycle.
Configure and operate TVM scanning platforms; analyze and triage scan results; and work with internal partners and stakeholders to drive remediation of detected vulnerabilities.
Collect and oversee Application Security test processes executed by distributed development teams.
Define, organize, and execute penetration test efforts to assess targeted Commvault services, and information assets.
Establish & operate KPI/KRI metrics, and data trends analysis in support of management decisions.
Develop and drive cybersecurity initiatives related to threat & vulnerability management with adherent to ‘continuous monitoring’ and ‘continuous improvement’ thought process.
Day-to-Day Operation of Infrastructure Scan/Analyze/Triage/Remediate Process
Configure and operate TVM scanning platform.
Analyze & Triage scan results.
Prepare Scan metrics and reporting.
Work with internal stakeholders to remediate detected vulnerabilities.
Plan and execute focused TVM campaigns as needed.
Good knowledge on integration of scanning tools with other tools using connectors and any centralized vulnerability management tools (such as Keena, Vulcan) is preferable.
Penetration Test Planning, Coordination & Execution
May be required to directly conduct penetration tests against selected Commvault services and information assets.
May be required to plan, direct, and coordinate 3rd party penetration test teams.
Application Security Testing Management & Coordination
Monitor SAST, DAST, and Penetration tests executed by DevSecOps personnel on distributed development teams.
Act as SME to development teams if they require assistance interpreting and remediating results.
Collate, Merge, and Analyze AppSec/Secure SDLC scan results for trends and management reporting.
Reporting & Data Analysis
Establish and maintain KPI’s and KRI’s for the TVM Program and its Components.
Analyze collected scan data for latent patterns around technical vulnerabilities, or process deficiencies.
Threat Picture & Industry Knowledge
Cyber Threat Intelligence (CTI) knowledge.
Maintain current awareness of security trends, emerging threats, and recent zero-day exploits.
Apply such knowledge to Commvault’s Vulnerability picture, alerting management to specific escalated risks directly applicable to Commvault.
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
BA/BS Degree or equivalent work experience.
Security Certifications—CISSP, OSCP, other penetration test certifications.
10+ years in information security area.
5+ years in a technical role with hands-on technology, either on the IT side, or in Security.
Direct experience with Active Directory, Windows, and Linux.
Experience with one of the major public cloud providers.
Solid knowledge of Network protocols and workings.
Direct hands-on penetration test experience.
Leadership—the ability to 'lead up' by influencing senior members of the team.
Self-Starting & Self-Directing—ability and drive to see what needs to be done, and craft a solution.
Ability to work with all levels of stakeholders, from low level apprentices to senior management.
Ability to communicate complex situations to audiences at the appropriate level of detail.
Project Management & Coordination of cross functional/cross-departmental teams.
Ability to author SOPs and processes.
Ability to merge data from different sources for cross-source analysis.
Ability to query standard relational databases (SQL).
Ability to produce summary data analysis to drive KPI’s, KRI’s, trend analysis and to support management decisions.
Ability to configure scans and scan automation on one or more industry standard scanning platforms— (Tenable, Nessus, Qualys, etc).
Penetration test skills (Kali Linux, Burp Suite, etc).
Utility Scripting or light programming—as needed to automate and integrate toolsets.
Preferred
Cloud Certifications—Azure preferred.
Good knowledge on integration of scanning tools with other tools using connectors and any centralized vulnerability management tools (such as Keena, Vulcan) is preferable.
Benefits
401K plan
Health benefits (including medical, dental, and vision available for families and domestic partners)
Pet insurance for your furry family members
Company
Commvault
Commvault provides a data and enterprise backup software.
1001-5000 employees
H1B Sponsorship
Commvault has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2023 (36)
2022 (68)
2021 (81)
2020 (82)
Funding
Current Stage
Public CompanyTotal Funding
unknown2006-09-22IPO
2000-03-14Series A
Leadership Team
Sanjay Mirchandani
CEO
Alex Janas
Field Chief Technology Officer, Security
Recent News
IT News Africa | Business Technology, Telecoms and Startup News - Africa's Technology News Leader
2024-12-05
2024-12-03
Morningstar, Inc.
2024-11-26
Company data provided by crunchbase
