Sr. Product Security Vulnerability Management & Incident Response Engineer
Employment Type: Contract
Position Title: Sr. Product Security Vulnerability Management & Incident Response Engineer
Location: Orange County, CA
One of our best clients in San Diego is looking to hire a Senior Product Security Vulnerability Management and Incident Response Engineer. A description of the position is listed below.
The Sr. Product Security Vulnerability Management and Incident Response Engineer will report directly to the Head of Product Security. The Sr. Engineer will be responsible for building and operating the vulnerability management lab for software-enabled products, as well as building and supporting incident response processes. You will work in close collaboration with software development, risk management, complaints and quality teams, providing them with information on discovered vulnerabilities and driving assessment and mitigation activities to ensure that those vulnerabilities are fully mitigated.
- Serve as a Subject Matter Expert in the vulnerability management and incident response product security space, covering a wide range of medical devices from embedded software to mobile and cloud applications.
- Provide product security support in:
  - Decomposing third-party software binaries and generating software bills of materials
  - Identifying vulnerabilities in third-party software components
  - Identifying vulnerabilities in proprietary code
  - Generating vulnerability reports and driving them through the assessment and mitigation processes
- Maintain connections with vendors and customers, staying aware of newly discovered vulnerabilities and driving the coordinated vulnerability disclosure process
- Follow incident response procedures and represent the organization in communications with US Department of Homeland Security ICS-CERT and with vulnerability finders external to the organization
- Stay abreast of the cyber security threat landscape to bring awareness of its applicability to the client’s solutions, and work on resolving those threats and improving product security posture
Education, Skills and Experience:
- A Bachelor of Science Degree in Computer Science or other related area is required; a Master’s Degree is preferred.
- Must have a minimum of 4 years of experience as a Product Security Engineer responsible for building and running vulnerability management and incident response. A minimum of 3 years of experience is required with a Master’s Degree.
- Experience in performing vulnerability management and incident response activities as part of a medical device program is highly preferred.
- Strong knowledge of vulnerability scanning, code scanning and software composition analysis tools, sufficient to create and maintain an asset inventory of software components and keep track of all the vulnerabilities associated with them.
- Demonstrated experience in leading and executing security projects in at least 3 of the following domains: platform security, application security, network security, infrastructure, cloud security, data security and identity and access management.
- Expert knowledge of OWASP Top 10, CVE and CVSS 3.0, as well as the ability to recognize and understand various types of application, infrastructure and protocol vulnerabilities.
- Certified Computer Security Incident Handler, GCIH, and CISSP certifications are highly preferred.
- Ability to collaborate in a very fast-paced environment
- Excellent written and verbal communication skills, with experience presenting to executive audiences
Candidates must be able to pass a pre-employment drug screen and background check.
For immediate consideration, please email an MS Word or PDF version of your updated resume to Justin Williams at firstname.lastname@example.org. Justin can also be reached directly at (760) 807-3930. Thank you for your time and consideration.
The ProSource Group, Inc.