Job Type
Full-time
Description
Who We Are
Guided by our Core Values, Deepwatch is securing the digital economy by tenaciously protecting enterprise networks - everywhere, everyday. Our team, many of the most technically astute minds in cybersecurity, serves an impressive list of Fortune 500/Global 2000 companies. Our success is driven by our unique IP, Cloud SecOps platform and strategic partnerships with industry leading technology vendors. Deepwatch is:

• CISO Choice Awards: MSSP Winner 2020 & 2021
• Great Place to Work® Certified 2020
• Goldman Sachs portfolio company: $53m Series B investment 2020
• Splunk Partner: #1 Volume MDR/MSSP - Splunk Managed SIEM
• Forrester: Top 10 MDR

What We Do
Deepwatch's innovative cloud platform and borderless SOC extends our customers' cybersecurity teams and proactively protects their brand, reputation and digital assets. Our powerful analytics platform analyzes billions of events each month and is trusted by hundreds of leading global organizations to provide 24/7/365 managed security services. We have developed some of the coolest, most innovative IP in the industry and we're expanding our platform by investing extensively in research and development.
What We Offer
Wellness

• Choice of medical, dental and vision plans with Deepwatch paying 100% of premium for HDHP medical and dental along with a very generous portion for dependents
• FSA (Medical and Dependent) and HSA with employer contribution
• Employer Paid Life Insurance, Short Term Disability and Long Term Disability
• Supplemental Life/Critical Illness/Accident
• Generous Paid Time Off, 9 company holidays, 2 floating holidays
• 8 Weeks Paid Parental Leave
• Wellness contests and monthly educational programs (award-winning at that)
• Employee Assistance Program available to an employee's entire household, free and confidential, available 24/7 with 6 face-to-face counseling sessions
• Employee Discount Program
• Great Place to Work Certified
• Outstanding Rating on Glassdoor
• 100% Remote-First

Financial

• Very competitive salary
• Stock Options for all employees
• 401k with company match
• $2,400 annual stipend for Cell/Internet
• Annual all expense paid CKO trip
• Chairman's Club
• Employee and Customer Referral Bonus Programs

Professional Development

• Mentoring Program
• Limitless career progression and commitment to promoting from within
• $3,000 first year in Professional Development, increasing to $6,000 annually thereafter

Giving Back

• Company-wide initiatives, such as supporting https://www.stemforher.org/
• Paid Time Off for voting and volunteering

Social

• Employee Affinity Groups: Supportive internal networks like Women of Deepwatch
• Annual credit to Deepwatch Swag Store
• Peer Recognition Program (Radical Performer)
• Having a blast! Monthly All Hands and Ask Me Anything calls, interactive wellness programs, social events, cross functional initiatives, annual Company Kick Off event, and department offsite meetings to name a few

Vulnerability Management Engineer I
The Vulnerability Management Engineer I will be responsible for overseeing the operation of vulnerability assessments for assigned customers. The Vulnerability Management Engineer I will implement and oversee scanning technologies to discover, prioritize security flaws for remediation, and collaborate with system and application owners to facilitate the remediation and closure of vulnerabilities.
The Vulnerability Management Engineer I will operationally integrate with the customer's patch management activities and perform validation of applied and/or missing patches. Additionally, they will perform security testing on pre-production systems and applications to close vulnerabilities prior to production deployment.
Position Responsibilities

• Work with Deepwatch customers to deliver vulnerability identification and management as a service
• Oversee and support the MSS delivery team and the customers' multiple vulnerability management work streams
• Ensure the delivery of services within the agreed upon service-level commitments
• Discover and group network connected systems for network-based vulnerability scanning
• Conduct regular vulnerability scanning to analyze configurations and facilitate implementation of configurations and hardening settings for networks, operating systems, applications, databases, and other information system components
• Collaborates with infrastructure and application owners on security hot-fixes or patch management validation
• Analyze vulnerabilities for false positives, and prioritization based on risk of exploitation
• Generate remediation action plans and corresponding tickets for system and application owners to remediate identified flaws
• Collaborate with system and application owners through the remediation lifecycle
• Perform security testing and vulnerability scanning on pre-production system and application deployments
• Develop periodic reports on the discovery and closure of vulnerabilities to maintain stakeholder accountability
• Supports the cyber incident response team in specified vulnerability discovery and identification tasks during crisis management
• Assist in documenting standard operating procedures

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Requirements
Required Experience, Skills and Knowledge

• Bachelor's Degree in a technical discipline, or equivalent experience
• 1+ year of vulnerability management experience
• 1+ year of Tenable.SC experience
• 1+ year of Qualys, Tenable.IO, and/or Rapid7 experience
• Background in cyber security or information technology security roles, preferably managing organizational security programs
• Strong customer service and communication skills, both oral and written with the ability to build relationships at all levels
• An unwavering commitment to customer satisfaction
• Demonstrated ability to effectively manage projects
• Strong understanding of information security common bodies of knowledge
• Strong understanding and experience with risk management concepts and techniques
• Practical experience, and demonstrated success, developing and managing an organizational vulnerability management program
• Fundamental knowledge of network vulnerability scanning technologies
• Experience with vulnerability remediation management and patching
• Knowledge of vulnerability management best practices from NIST, ISO, PCI, OWASP, and CIS
• Conceptual understanding of deployment of and operating vulnerability scanning infrastructure, services and solutions
• Fundamental technical skills in the following areas:
  • Active Directory
  • Windows
  • Linux
  • Networking
• Proficient in the use of data manipulation, dashboard and reporting tools
• In-depth knowledge and experience with Microsoft Office products, such as Word, Excel and PowerPoint
• Will require occasional travel to the client site, up to 25%
• Ability to pass a pre-employment background and drug screen in accordance with applicable laws

Preferred Experience, Skills and Knowledge

• Graduate Degree in a technical discipline, or equivalent experience
• Industry recognized certifications, such as GEVA, CISSP, CISM, GPEN, GIAC, CISA, etc.
• Web application scanning
• Policy compliance scanning
• API capabilities
• Project management experience
• Experience managing large complex projects
• Security consulting or managed services experience
• Experience in scripting languages, such as Python, Ruby, Perl, etc.
• Fundamental knowledge of web application security testing utilities
• Understanding of Web Application Security vulnerabilities and mitigating defenses

Colorado* Candidates :
Minimum salary of $76,000 + bonus + commissions + stock options + benefits. Actual compensation may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level.
*Note: Disclosure as required by sb19-085 (8-5-20) of the minimum salary compensation for this role when working remotely from the state of Colorado.
Equal Opportunity Employer
Deepwatch is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, marital status, sexual orientation, gender identity, genetic information, protected veteran status, or any other characteristic protected by law. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
ITAR Compliance
"This position will have access to customer data and as such is subject to International Traffic in Arms Regulations (ITAR). Upon application, candidates will be asked to confirm that they are a U.S. Person as defined by the following:

• A citizen of the U.S.;
• A lawful permanent resident of the United States;
• A person admitted to the United States as a refugee; or
• A person that has been granted asylum by the United States government."

The intent of this requirement is not to verify employment eligibility overall, but to ensure compliance with import/export regulations. If you do not meet these requirements, we encourage you to apply for other open roles at Deepwatch. This information will be verified upon offer of employment."
#LI-KH1