Vulnerability Manager - Bug Bounty

Verizon - Ashburn, VA

Full-time
What you’ll be doing...

The Bug Bounty Vulnerability Manager will have direct responsibility for overseeing the continued onboarding of systems into the Bug Bounty program, including working to ensure that reported bugs are brought into the vulnerability management program. This individual should be a passionate cyber security lead who can help analyze, triage, and facilitate remediation of security vulnerabilities. In addition, you will need to take ownership of vulnerabilities and build partnerships and procedures with other teams to ensure their remediation. This will require a very process-minded and data-driven approach, along with a personality that can champion progress while facilitating positive relationships with both technical (i.e. IT, cyber-security) and nontechnical (i.e. legal, PR, etc.) resources. The selected candidate will work with a team but act as operational program lead as well as oversee program adoption across multiple departments and a large scale of assets.

Responsibilities:
Evaluation of reported "bugs"/vulnerabilities to ensure appropriate triage
Manage programs related to deployment, remediation and tracking.
Program / platform design. Work with and evolve the Security Operations toolsets and reporting to provide better vulnerability insight and create effective communications and reporting.
Design of solutions to ensure a positive relationship with the researcher community
Project management of system integration.
Integrate external threat environment information for emerging threats to known vulnerabilities, and advise relevant stakeholders on the appropriate courses of action
Compile documentation of and conduct training on the program processes and procedures.
Investigation of a vulnerability to determine the impact to Verizon.
Collaborate closely with security architecture teams to provide vision, scope, and requirements for expansive deployment and evolution of EVM strategies and goals
Ensuring that reported vulnerabilities are handed to the correct team(s) for remediation. This will include collaboration with all security teams across Verizon – both CIS and others.
Follow-up with owners to ensure remediation efforts are consistent with SLA/policy.
Escalation for noncompliance.
Definition, measurement and reporting on operational KPIs.
Establish and execute the enterprise vulnerability management standards, processes, procedures, and operations to identify and remediate vulnerabilities and weaknesses that can be exploited by threat actors through strong cross-functional relationships with VZ business units.
Presentation to cross-functional stakeholders and Sr. leadership to ensure the awareness of and ongoing success of the vulnerability reporting and management programs.
Conduct ongoing research to help validate completeness or identify “gaps”.
Define key metric indicators, then set appropriate solutions in place to allow for tracking and trending.
Keep abreast of current cyber security and technology news and trends.
What we’re looking for...

You'll need to have:
Bachelor’s degree or four or more years of work experience
Six or more years of relevant work experience
Experience with program or project management.

Even better if you have:
A degree.
Experience having managed a bug bounty program.
Knowledge of security concepts.
Knowledge of security fundamentals and common vulnerabilities.
Experience with the full stack of information technologies and associated security models - including server/OS, database, hardware, network devices, user compute, application/SDLC, cloud, etc.
Knowledge of common security frameworks (SOX, NIST, FISMA, etc.)
Multi-departmental project/program management experience
Experience working with cyber security and vulnerability management at a large company.
Strong analytical problem solving skills, detail oriented and organized approach, excellent communication skills, and strong interpersonal skills.
Ability to translate client and program needs into achievable requirements.
Experience with a bug bounty program, or engagement with the security researcher community.
Knowledge of compliance best practices and knowledge in implementing programs for maintaining compliance for a highly regulated business environment
Experience working with a non-IT business segment.
Experience with the telecommunications industry.

When you join Verizon...

You’ll be doing work that matters alongside other talented people, transforming the way people, businesses and things connect with each other. Beyond powering America’s fastest and most reliable network, we’re leading the way in broadband, cloud and security solutions, Internet of Things and innovating in areas such as video entertainment. Of course, we will offer you great pay and benefits, but we’re about more than that. Verizon is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Verizon.

Equal Employment Opportunity

We're proud to be an equal opportunity employer and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.