Threat and Vulnerability Management Engineer

Brown & Brown is seeking a Threat and Vulnerability Management Engineer to join our growing team in Daytona Beach, FL. 

As a Threat and Vulnerability Management Engineer, you will provide vulnerability management expertise to our program and ensure our systems' integrity and security. You will be the operational expert in utilizing and managing all Qualys modules to identify and prioritize the remediation of vulnerabilities across our organization. You will work with internal and external security testing groups to coordinate regular red team testing of Brown & Brown assets. Must be able to create a variety of operational and strategic dashboards that accurately represent risk to help prioritize risk mitigation. The ideal candidate will have at least 5 years of cybersecurity experience and at least 3 years of hands-on experience engineering and managing Qualys. 

How You Will Contribute: 

• Provide Subject Matter Expertise for the development, implementation, and optimization of our vulnerability management program. 

• Utilize Qualys to perform regular scans, assessments, and penetration tests to identify vulnerabilities in our systems, networks, and applications. 

• Collaborate with cross-functional teams to prioritize and remediate vulnerabilities promptly. 

• Develop and maintain a comprehensive inventory of assets and their associated vulnerabilities. 

• Create and maintain documentation related to vulnerability management processes and procedures. 

• Monitor industry trends and emerging threats to enhance our vulnerability management strategies. Remain current on emerging security threats and technologies. 

• Conduct threat modeling and risk assessments to prioritize vulnerabilities based on potential impact and exploitability. 

• Ensure compliance with industry standards and regulatory requirements related to vulnerability management. 

• Knowledge of various security technologies such as vulnerability assessment tools, SIEM, firewalls, proxies, network and host-based intrusion prevention, DLP, etc. 

• Integrate and leverage threat intelligence sources & partners to maintain an understanding of emerging security threats and advanced threat actor's capabilities. 

• Assist in selecting, implementing, and managing systems, tools, and processes to keep the firm at the leading edge of security. This includes a continually evolving inventory of gaps to be mitigated and formulating a proactive strategy to evaluate and implement mitigating technologies. 

• Prepares status reports on security matters to develop security risk analysis scenarios and response procedures. 

Licenses and Certifications:  

• CISSP, CISM, or CEH certifications (Preferred) 

Skills & Experience to Be Successful: 

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience). 

• Minimum of 5 years of experience in cybersecurity, with a focus on threat and vulnerability management. 

• At least 3 years of hands-on experience engineering and managing Qualys, including all Qualys modules. 

• Expert understanding of vulnerability assessment tools, methodologies, and best practices. 

• Knowledge of industry standards and frameworks such as CVE, CVSS, CWE, and NIST. 

• Knowledge of protocol analysis and tools (e.g., Wireshark, Nessus, Gigastor, Netwitness, etc.). 

• Working knowledge of current cyber threat landscape (e.g., threat actors, APT, cyber-crime, etc.). 

• Working knowledge of Windows and Unix/Linux, Firewall, and Proxy technology. 

• Knowledge of malware operation and indicators, forensic technique, and penetration techniques