Lead Security Engineer | Remote US

About Coalfire

Coalfire is on a mission to make the world a safer place by solving our clients’ toughest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world. But that’s not who we are – that’s just what we do.

We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.

And we’re growing fast.

We’re looking for a Lead Security Engineer to support our Managed Services team. This can be a remote position (must be located in the United States).

Position Summary

As Lead Security Engineer (Vulnerability Management) at Coalfire within our Managed Services group, you will be a self-starter, passionate about cloud security, and thrive on problem-solving. You will provide strategy, leadership, and operational support of Vulnerability Management processes for clients with regulatory compliance requirements. The Managed Services team is responsible for identifying, assessing, and managing threats, vulnerabilities, and associated risks to clients’ information assets and resources. You will work within major public clouds and best-of-breed tools, utilizing your technical abilities to monitor vulnerabilities and recommend remediation or resolution.

What You'll Do

  • Join a highly collaborative security operations team designing and delivering vulnerability management services to Cloud Service Providers, and other organizations operating highly regulated environments.
  • Serve as the principal advisor to the client and our team on all matters related to vulnerability management.
  • Collaborate in a cross-functional model with infrastructure engineering, site reliability engineering, and client success managers to deliver a seamless, holistic experience for client engagements.
  • Work across a myriad of technology stacks in the leading cloud providers like AWS, Azure, and GCP, embracing their unique client-driven deployments and operational requirements.
  • Coordinate with clients and team members to identify the right balance of cloud and defense-in-depth techniques to translate the client’s goals into a secure and effective solution.
  • Influence the maturity of Coalfire processes and standards related to vulnerability management activities and propagate through development and maintenance of standard operating procedures, training curriculums, technical documentation, and troubleshooting guidelines.
  • Conduct security product evaluations and recommend products, technologies, and upgrades to improve client security posture
  • Conduct testing and data reviews to evaluate the effectiveness of current contractual measures
  • Provide support to the security assessment and authorization process
  • Author and peer review industry-facing material such as blogs, white papers, and research papers.
  • Create impactful relationships with industry leaders to influence definitions of success and increased focus on security as compliance.
  • Communicate with internal management to provide insights into the current risk in client environments and proposed remediation strategies.
  • Support and mentor the vulnerability management team that is conducting:
      • Recurring and on-demand OS/DB, web application, and container scanning activities;
      • Development of Plan of Action and Milestone (POA&M) reports; and
      • Client-facing and Government-facing discussions related to results and risks for multiple client environments.

What You'll Bring

  • BS or above in related Information Technology field or equivalent combination of education and experience
  • 8+ years of related experience in professional services, vulnerability management, and compliance monitoring.
  • Deep experience in operating system, database, network, container, web application, and API vulnerability management.
  • Exampled use of vulnerability scoring systems (CVSS/CMSS)
  • Experience directly supporting vulnerability management in at least two of the following cloud IaaS providers: AWS, Azure, GCP
  • Expertise in vulnerability management in at least one of the following compliance frameworks: FedRAMP, HITRUST, PCI
  • Experience defining baseline configuration standards such as the Center for Internet Security (CIS) Critical Security Controls within various scanning technologies.
  • Experience working with internal and external auditors to ensure that documented controls, policies, and standards are being adhered to.
  • Excellent communication, organizational, documentation, and problem-solving skills
  • Exampled relationship management and ability to work with C-Suite
  • Critical thinking, and ability to balance security requirements with mission needs
  • Proficiency in scripting, such as Python and/or PowerShell.
  • Project management experience for individual and team projects (ability to track detailed tasks and ensure timely delivery)

Bonus Points

  • Previous experience mentoring or managing consultants in a professional services organization
  • Previous experience supporting 24x7x365 security operations for a SaaS vendor.
  • Exampled industry-influencing material development, such as white papers, blogs, research papers, or guidance.

Why You'll Want to Join Us

At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office. Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like flexible time off, certification and training reimbursement, and comprehensive insurance options.

At Coalfire, equal opportunity and pay equity are integral to the way we do business. A reasonable estimate of the compensation range for this role is $104,000 to $179,600 based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs.
