Job Type
Full-time
Description
Who We Are
Guided by our Core Values, deepwatch is securing the digital economy by tenaciously protecting enterprise networks - everywhere, everyday. Our team, many of the most technically astute minds in cybersecurity, serves an impressive list of Fortune 500/Global 2000 companies. Our success is driven by our unique IP, Cloud SecOps platform and strategic partnerships with industry leading technology vendors. deepwatch is:
CISO Choice Awards: MSSP Winner 2020
Great Place to Work® Certified 2020
Goldman Sachs portfolio company: $53m Series B investment 2020
Splunk Partner: #1 Volume MDR/MSSP - Splunk Managed SIEM
Forrester: Top 10 MDR
What We Do
deepwatch's innovative cloud platform and borderless SOC extends our customers' cybersecurity teams and proactively protects their brand, reputation and digital assets. Our powerful analytics platform analyzes billions of events each month and is trusted by hundreds of leading global organizations to provide 24/7/365 managed security services. We have developed some of the coolest, most innovative IP in the industry and we're expanding our platform by investing extensively in research and development.
What We Offer
Wellness

• Choice of medical, dental and vision plans with deepwatch paying 100% of premium for HDHP medical and dental along with a very generous portion for dependents
• FSA (Medical and Dependent) and HSA with employer contribution
• Company paid Life Insurance, Short Term Disability and Long Term Disability
• Generous Paid Time Off, 8 company holidays, 2 floating holidays
• Wellness Programs
• Remote Workforce

Financial

• Stock Options: All full time employees are awarded stock options
• 401k with company match
• Generous mobile phone and home internet allowance
• Referral Bonus and recognition programs for exhibiting our Core Values

Professional development

• Mentoring Program
• Limitless career progression and commitment to promoting from within
• Up to $6K annually per employee for Professional Development

Giving Back

• Company-wide initiatives, such as supporting https://www.stemforher.org/
• Paid time off for Community Service
• Voting Leave

Social

• Employee Affinity Groups: Supportive internal networks like Women of deepwatch
• dw Swagger: annual credit to the deepwatch Swag Store to show your dw pride
• Having a blast! Monthly All Hands and Ask Me Anything calls, interactive wellness programs, social events, cross functional initiatives, annual Company Kick Off event, and department offsite meetings to name a few

Vulnerability Management Engineer II
The Vulnerability Management Engineer II will be responsible for overseeing the operation of vulnerability assessments for assigned customers. The Vulnerability Management Engineer II will implement and oversee scanning technologies to discover, prioritize security flaws for remediation, and collaborate with system and application owners to facilitate the remediation and closure of vulnerabilities.
The Vulnerability Management Engineer II will operationally integrate with the customer's patch management activities and perform validation of applied and/or missing patches. Additionally, they will perform security testing on pre-production systems and applications to close vulnerabilities prior to production deployment.
Position Responsibilities

• Work with deepwatch customers to deliver vulnerability identification and management as a service
• Oversee and support the MSS delivery team and the customers' multiple vulnerability management work streams
• Ensure the delivery of services within the agreed upon service-level commitments
• Discover and group network connected systems for network-based vulnerability scanning
• Conduct regular vulnerability scanning to analyze configurations and facilitate implementation of configurations and hardening settings for networks, operating systems, applications, databases, and other information system components
• Collaborates with infrastructure and application owners on security hot-fixes or patch management validation
• Analyze vulnerabilities for false positives, and prioritization based on risk to customers
• Generate remediation action plans and corresponding tickets for system and application owners to remediate identified flaws
• Collaborate with system and application owners through the remediation lifecycle
• Perform security testing and vulnerability scanning on pre-production system and application deployments
• Develop periodic reports on the discovery and closure of vulnerabilities to maintain stakeholder accountability
• Supports the cyber incident response team in specified vulnerability discovery and identification tasks during crisis management
• Understanding of Web Application Security scanning and vulnerabilities
• Assist in documenting standard operating procedures
• Mentor, coach, and train other individuals within the deepwatch organization
• Develop and produce vulnerability blog posts, vulnerability summary sheets, or zero-day reports to be given to customers
• Responsible for be being able to speak to NIST, CIS, or other hardening guidelines
• Ability to speak in-depth on mitigation factors that can be implemented for Zero-Days, Firewalls, IDS/IPS, or other tool sets that can be utilized in order to reduce overall risk within customer's organizations

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Requirements
Required Experience, Skills and Knowledge

• Bachelor's Degree in a technical discipline, or equivalent experience
• 5+ years of increasingly progressive experience in cyber security or information technology security roles, preferably managing organizational security programs
• Strong customer service and communication skills, both oral and written with the ability to build relationships at all levels
• An unwavering commitment to customer satisfaction
• Demonstrated ability to effectively manage projects
• Strong understanding of information security common bodies of knowledge
• Strong understanding and experience with risk management concepts and techniques
• Practical experience, and demonstrated success, developing and managing an organizational vulnerability management program
• Fundamental knowledge of network vulnerability scanning technologies
• Fundamental knowledge of web application security testing utilities
• Understanding of Web Application Security vulnerabilities and mitigating defenses
• Experience with vulnerability remediation management and patching
• Knowledge of vulnerability management best practices from NIST, ISO, PCI, OWASP, and CIS
• Experience in deploying and operating vulnerability scanning infrastructure, services and solutions
• Hands-on experience testing web application security
• Fundamental technical skills in the following areas:
  • Active Directory
  • Windows
  • Linux
  • Networking
• Experience in scripting languages, such as Python, Ruby, Perl, etc.
• Proficient in the use of data manipulation, dashboard and reporting tools
• In-depth knowledge and experience with Microsoft Office products, such as Word, Excel and PowerPoint
• Will require occasional travel to the client site, up to 25%
• Ability to pass a pre-employment background and drug screen in accordance with applicable laws

Preferred Experience, Skills and Knowledge

• Graduate Degree in a technical discipline, or equivalent experience
• Industry recognized certifications, such as GEVA, CISSP, CISM, GPEN, GIAC, CISA, etc.
• Project management experience
• Experience managing large complex projects
• Security consulting or managed services experience

Colorado Candidates:
Minimum salary of ninety two thousand dollars + stock options + benefits. Actual compensation may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level.
*Note: Disclosure as required by sb19-085 (8-5-20) of the minimum salary compensation for this role when working remotely from the state of Colorado.
Equal Opportunity Employer
deepwatch is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, marital status, sexual orientation, gender identity, genetic information, protected veteran status, or any other characteristic protected by law. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.