Through our dedicated associates, Conduent delivers mission-critical services and solutions on behalf of Fortune 100 companies and over 500 governments - creating exceptional outcomes for our clients and the millions of people who count on them. We are a business process and service company.

Why Conduent:

You'll have an opportunity to work on innovative technology while being surrounded by a culture that recognizes each person's contributions. Each day you'll feel challenged and know you are making a difference. At Conduent, we believe everything touches everything -and to that end we value our work and each other in the process, making it an award-winning place to work. In 2021, we won Best Places to Work, Best Global Culture and Best HR Team.

You have an opportunity to personally and professionally thrive, make a difference, and be part of a culture where individuality and participation is valued.

Conduent is a business services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. Weare seeking an experienced Senior Manager, Threat & Vulnerability Management who has experience with vulnerability management across an enterprise. The Senior Manager, Threat & Vulnerability Management will be responsible for managing the team accountable for scoping, scheduling, scanning, and providing guidance and best practices on remediation of any vulnerabilities identified.

We need someone who can:

• Directly responsible for leading, managing, and motivating a team of cybersecurity professionals to ensure the success of the threat and vulnerability management program.
• Supervises vulnerability management and activities related to vulnerability scanning, penetration testing, threat intelligence, and remediation tracking utilizing a wide array of security controls and toolsets.
• Drive strategy and projects that increase the overall growth and maturity of the threat and vulnerability management program.
• Overall responsibility for the reviewing vulnerabilities' data from multiple sources (i.e., external / internal penetration testing, external/internal vulnerability scanning, etc.) across multiple technologies and a changing environment including infrastructure and applications to determine risk rating of vulnerabilities to business assets.
• Responsible for improving and automating existing vulnerability management lifecycle. Including but not limited to, data ingestion & normalization, compliance metrics and detections on assets.
• Partner with tools and technology teams to troubleshoot, develop, select, implement and automate appropriate security solutions to keep system data protected from internal and external threats.
• Responsible for managing incoming requests to add scanning assets, perform any required troubleshooting steps, configuration and improvement of scan policies and configurations.
• Responsible for maintaining ongoing scans, maintenance of scan schedules, responding to incoming requests for audit support and evidence.
• Responsible for running PCI ASV scans and working with third-party to receive attestations.
• Provide support and resolution for scanning and vulnerability remediation reporting issues.
• Work with the Business to effectively communicate the risks of identified vulnerabilities and make recommendations regarding the selection of cost-effective security controls to mitigate identified risks.
• Stay current with vulnerability information across all the products in the Conduent environment.
• Provide technical support for vulnerability management projects.
• Provide analysis and validation post remediation, opportunities for improvements and out of the box thinking for optimizations and solving roadblocks.
• Interface with third-party vendors and other Conduent organizations in improving the overall scanning process.
• Perform any other duties as assigned by Conduent management.
• Reviewing scan results and completion times, adjusting any filters and ad-hoc queries as required.
• Coach, guide and answer questions for Customer staff relative to the operation of the Vulnerability Management Scanning tool and any features of the application that might not be currently leveraged by Customer.
• As necessary, review scan results with Customer staff and educate on false positive, vulnerabilities, remediation priority, etc.
• Provide guidance on scan types, best practices for scanning, and determine best scanner placement, scanning type, scanning policies and approaches for each client.
• Create and maintain reports in the Vulnerability Management Scanning tool, catering for specific client and corporate requirements.

Basic Qualifications for Consideration:

• 5+ years of related experience with managing a team focused on vulnerability management and compliance monitoring.
• Demonstrated experience leading cybersecurity vulnerability management and analysis.
• Experience with identification of false positives, true positives and exceptions.
• Experience in analyzing, identifying and developing remediation plans for vulnerabilities.
• In-depth understanding of network & web-based attacks and remediation.
• Good Knowledge of OWASP vulnerabilities.
• Experience in multiple scanning tools, Rapid7 and Tenable preferred.
• Experience in PCI ASV, agent, credentialed and authenticated scanning.
• Understanding of a variety of technical concepts with focus on cloud computing, automation, networking, systems administration, application development, and information security best practices.
• Experience in vulnerability scanning, penetration testing, network security, system administration, operating system hardening techniques, and the risk management process.
• Experience in IT controls monitoring for regulatory and compliance requirements like CIS, SOX, HIPAA, HITRUST, SSAE 16 - SOC 1 & SOC 2, PCI compliance - PCI DSS / PA-DSS, NIST, ISO 27001 & ISO 27002 is a plus.
• Flexibility to travel up to 20% or as required.
• Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline.

Preferred Qualifications for Consideration:

• IT Security Certifications such as CISSP (Certified Information Security Professional), CISM (Certified Information Systems Manager), Certified Ethical Hacker (CEH), Certified Vulnerability Assessor (CVA), CIPP (Certified Information Privacy Professional), CRISC (Certified in Risk and Information Systems Control), or CISA (Certified Information System Auditor) is preferred.

The Colorado Equal Pay for Equal Work Act requires employers to disclose the following information. If the successful applicant will be required to perform work from a physical site outside Colorado, the following information may not apply.Actual salaries will vary and may be above or below the range based on various factors including but not limited to location, experience, and performance. In addition to base pay, this position, based on business need, may be eligible for a bonus or incentive. In addition, Conduent provides a variety of benefits to employees including health insurance coverage, voluntary dental and vision programs, life and disability insurance, a retirement savings plan, paid holidays, and paid time off (PTO) or vacation or sick time. For Colorado considerations only the estimated salary range is $142,450- $185,000.

#techjobs