Senior Security Engineer (Vulnerability Management) - 0818126
Business Unit Summary
The Information Security Senior Engineer (Vulnerability Management) is responsible for the protection and understanding of risk in relation to business information assets, meeting global security standards and compliance with regulations. A key part of this role is to ensure there is a clear understanding of the Enterprise security posture at all levels (Engineer to VP).
This role helps protect the confidentiality, integrity and availability of Information assets with a focus on vulnerability management.
A Day in the Life
• Contribute to the development and execution of a global vulnerability management program, through technical leadership of initiatives and projects which will further enhance the Enterprise security posture.
• Contribute to project plans, coordinate vendors, build and conduct tests, execute against the implementation plan and track project progress.
• Lead technical design and execution for large to global enterprise sized application or infrastructure projects that have major impact on the IT infrastructure and business process including those that involve multiple inter-related technologies, multiple vendors, leading edge technologies, great operational or implementation risks, complex business functionality and broad implications for the organization and the IT infrastructure.
• Be a key contributor to the coordination and delivery of information security based testing. Prioritize and share findings, driving remediation.
• Collaborate with colleagues at all levels across all business and technology functions in order to advance and support the vulnerability management program.
• Provide 3rd level support and troubleshooting for issues escalated from more junior engineers on installed technical solutions.
• Deliver projects or initiatives within their technical discipline. This typically includes executing established plans for initiatives, and anticipating conflicting needs and proactively resolving them.
• Build vendor relationships, review proposals, make recommendations and assist with management of contract and support renewals.
• Provide support to Procurement on the purchase and renewal of toolsets and assist with supplier management activity.
• Advise on emerging technology and make recommendations on vulnerability management tools.
• Lead the assessment and communication of vulnerabilities and their associated risk, e.g. vulnerability alerts and critical security patches.
Keys to Success
At Cornerstone, if you are Agile, Innovative, Pioneering, Dynamic, Boundaryless, Passionate, Customer-Centric, Collaborative, and Results-Focused, you will love it here!
• One or more professional security certifications e.g. CISSP, CISM, CISA, or relevant SANS certification. Lead Implementer.
• Proven combined security and/or IT work experience in a position focused primarily on information security.
• In-depth knowledge of information security standards, best practices, and common data confidentiality regulations e.g. ISO 27001/2, NIST, EU Privacy, PCI, Sarbanes-Oxley, HIPAA, etc.
• Demonstrated ability to translate business requirements into appropriate controls in a client-focused environment.
• Be a self-motivated individual who is highly accountable, with a keen eye for detail and a capacity to be constantly seeking new ways to improve current processes and procedures in order to improve the organization's security posture and risk awareness.
• You will be quick to identify client requirements and their impact on the security posture of the organization. Possess a good working knowledge of the different areas of the IT organization.
• As a member of the Global security team you will have experience within an IT organization focusing on Information Security Practices relating to vulnerability management. Experience of conducting detailed network, application, operating system, and database vulnerability assessments using industry standard tools and methodologies such as WhiteHat, Nexpose, Qualys and Fortify is essential.
• Formal security related accreditation is desirable (e.g. CISSP, CISM, ISSAP, ISSMP etc.). Experience with common information security management frameworks such as ISO 2700x, ITIL, COBIT, NIST etc. and common compliance frameworks and regulations (SOX, PCI DSS, Data Protection laws) is also desirable.
• Experience with conducting detailed network, operating system, database and/or vulnerability assessments and security configuration audits is preferred.
• Risk Management e.g. CRISC (desirable)
• Project Management e.g. PMP, Prince2, ITIL (desirable)
• Previous experience in Application Development and/or Infrastructure support (desirable)
(Candidates will be considered in totality of their skills and experience versus strict interpretation of “must haves.”)
Cornerstone is comprised of five interactive, aspirational home and apparel lifestyle brands: Ballard Designs, Frontgate, Grandin Road, Garnet Hill and Improvements. Cornerstone operates separate ecommerce sites for all the brands, distributes more than 265 million catalogs annually, and has 16 retail and outlet stores.
The Cornerstone brands are part of Qurate Retail, Inc. (NASDAQ: QRTEA, QRTEB), which includes QVC, HSN, zulily and the Cornerstone brands (collectively, “Qurate Retail Group”), as well as other minority investments. Qurate Retail Group believes in a third way to shop - beyond transactional ecommerce or traditional brick-and-mortar stores - and is #1 in video commerce, #3 in ecommerce in North America and #3 in mobile commerce in the U.S. (according to Internet Retailer). For more information, visit www.qurateretailgroup.com.
Follow Cornerstone Careers on Facebook: www.facebook.com/cornerstonecareers.net. To learn more, visit https://jobs.hsn.com/cornerstone-careers.
About Qurate Retail, Inc.
Qurate Retail, Inc. (NASDAQ: QRTEA, QRTEB) is comprised of eight leading retail brands – QVC, HSN, zulily, Ballard Designs, Frontgate, Garnet Hill, Grandin Road and Improvements (collectively, “Qurate Retail Group”) – all dedicated to providing a ‘third way to shop,’ beyond transactional ecommerce or traditional brick-and-mortar stores. Globally, Qurate Retail Group is #1 in video commerce, reaching approximately 370 million homes worldwide via 16 television networks and multiple ecommerce sites, social pages, mobile apps, print catalogs, and in-store destinations, and is #3 in ecommerce in North America and #3 in mobile commerce in the US. Qurate Retail, Inc. also holds minority interests in ILG and FTD as well as various green energy investments.
Job Field - Technology
Location - OH-West Chester
Schedule - Full-time
Shift - 1st Shift
Employee Status - Regular
Organization - Cornerstone Services