Vulnerability Mgmt, Sr Specialist at CNA (Chicago, IL)

| Chicago, IL | Hybrid
Sorry, this job was removed at 12:18 p.m. (CST) on Friday, March 18, 2022
Find out who's hiring in Chicago, IL.
See all Operations jobs in Chicago, IL
By clicking Apply Now you agree to share your profile information with the hiring company.
Job Summary
Individual contributor position responsible for executing the vision design and implementation of Vulnerability Management (VM) program for CNA. This position supports the leadership in developing VM strategy and assists in conducting data security readiness assessments for the selection and implementation of enterprise data security standards. This position will focus on implementing and maturing the remediation program for both infrastructure and WebApp vulnerabilities by updating strategy policies and procedures and maturing vulnerability risk classification process.
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
  • Supports the Vulnerability Management program as a vulnerability management SME throughout a global technology organization with various legacy and modern systems within data centers and the cloud.
  • Implements enterprise policy and technical standards with specific regard to vulnerability management and secure configuration.
  • Assists with the entire vulnerability remediation process within CNA which may include vulnerabilities discovered through various channels such as but not limited to vulnerability scans pentesting application scanning responsible vulnerability disclosure program and etc.
  • Partners with other Security and IT professionals to assess potential impact from vulnerabilities specific to the environment and recommend mitigating security controls.
  • Identifies and recommends appropriate measures to manage and remediate vulnerabilities and reduce potential impacts on information resources to a level acceptable to the senior management of the company.
  • Fully understands business requirements and assist leadership to define appropriate solutions for security objectives while meeting the business need.
  • Provides guidance technical expertise and support to team members regarding vulnerability assessment.
  • Develops and improves KPIs and metrics for vulnerability management functions.
  • Participates in and lead new projects as needed.

May perform additional duties as assigned.
Reporting Relationship
Typically Director or above
Skills Knowledge & Abilities
  • Proven track record of vulnerability management experience with proven knowledge and competence in security concepts.
  • Hands-on experience with vulnerability management tools and strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in multiple operating system platforms database and application servers.
  • Strong written and verbal communication skills with the ability to foster collaborative open working relationships with all parts of the business.
  • High performance skillset which not only understands the threat spaces as it relates to risks but also able to meet the technical challenge of communicating this out to our teams.
  • Solid understanding of vulnerability management programs including how to assess vulnerabilities prioritize and drive remediation activities.
  • Reporting gaps in a meaningful way that addresses a business risk as well as providing technical solutions to the operations teams in remediation is key.
  • Experience in interacting with auditors and regulators.
  • Experience in working across public cloud and on-premises hybrid infrastructure.
  • Experience in working with vulnerability scanning technologies at scale.
  • Solid ability to make independent decisions and the judgment to know when to seek guidance.
  • Solid understanding of risk vs severity.

Education & Experience
  • Bachelor's degree in Computer Science or related discipline or equivalent work experience.
  • Typically a minimum of six years' related work experience in Information Technology
Read Full Job Description
Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.

Technology we use

  • Engineering
  • Product
  • Sales & Marketing
    • JavaLanguages
    • JavascriptLanguages
    • KotlinLanguages
    • PerlLanguages
    • PythonLanguages
    • RLanguages
    • SqlLanguages
    • jQueryLibraries
    • jQuery UILibraries
    • ReactLibraries
    • Node.jsFrameworks
    • SpringFrameworks
    • AccessDatabases
    • DB2Databases
    • Microsoft SQL ServerDatabases
    • MySQLDatabases
    • OracleDatabases
    • PostgreSQLDatabases
    • Google AnalyticsAnalytics
    • ConfluenceManagement
    • JIRAManagement
    • Microsoft ProjectManagement
    • SalesforceCRM
    • SendGridEmail
    • MarketoLead Gen

An Insider's view of CNA

How would you describe the company’s work-life balance?

Work-life balance has always been a priority for me. It always will be. CNA’s hybrid working model allows me to not only maximize collaboration with my peers but also take advantage of increased flexibility by combining remote and in-office work. I’m empowered to take control of my schedule based on what works best for me and my team.

Alison Massey

Agile Scrum Master Consultant

How do you collaborate with other teams in the company?

On the Security Advisory team, collaboration is key to what we do. We sit at a unique intersection of security goals and business objectives. By working across nearly every IT team at CNA, we balance the need for maintaining secure initiatives and keeping projects on track. It’s our job to find the best, secure path to ‘Yes’ for business requests.

Zach Jones

Director, Security Advisory

How has your career grown since starting at the company?

I joined CNA as a contractor and became a full-time employee after an eight-year contractor journey. I’m passionate about solving technical challenges and CNA allows me to foster that passion. Every day, I learn about emerging technologies. I’m empowered to develop, grow, and create a career that works for me and my lifestyle.

SenthilKumar Asokan

Applications Engineer Senior Specialist

How do your team's ideas influence the company's direction?

Enterprise Architecture creates foundations for IT expectations across CNA. I’m on a team that builds reusable IT assets, communicates best practices, and decides standards for tooling, and more. I influence CNA outside of my role, too, specifically through CNA’s Employee Resource Groups. I’m empowered to influence both IT and our culture of inclusion.

Lisa Smith

Architecture Senior Specialist

What's the biggest problem your team is solving?

A primary focus of my team is reducing the time-to-market associated with machine learning models. By leveraging cutting-edge cloud services and streamlining processes, we’re enhancing the model development lifecycle. That enhancement allows us to use efficient, effective predictive analytics when making business decisions.

Ryan Gulden

Senior AI/ML Engineer

More Jobs at CNA

Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.
View CNA's full profileSee more CNA jobs