As a member of the Cloud SOC you will be key in the continuous monitoring and protection of all global cloud security operations at Pega. You will be part of a team consisting of highly capable and talented problem-solving analysts and engineers.
Responsibilities
Ensure that our scanning tools are effectively scanning all of our cloud assets and that stakeholders are aware of existing and new vulnerabilities
Collaborate with Project Management, Security, and Cloud Engineering teams to identify and track which vulnerabilities are validated and remediated
Collaborate with the Threat Hunting and Threat Intel teams to prioritize threat hunt hypotheses based on the Pega threat landscape
Collaborate with the Content Creation team to develop use cases to detect attempted exploits of known vulnerabilities
Develop reports and periodic briefs for Pega Cloud stakeholders to communicate priority based on the threat landscape
Be a change leader and agent in a culture of ownership and accountability
Educate, mentor, and empower junior team members to be future experts and leaders
Requirements
An experienced Vulnerability Management analyst with experience managing and studying vulnerabilities in most of the following technologies: Linux, AWS, Kubernetes, Docker, Tomcat, Artifactory, web applications, PostgreSQL
Great at explaining technical security points to non-security people, both in written technical reports and in person
Familiar with tracking vulnerabilities in several scanning tools and methodologies (e.g. Tenable/Nessus, Nexpose, SAST, DAST, Acunetix, Fortify, WhiteHat, etc.)
Possess a solid baseline skillset in core Web delivery technologies (Linux, AWS, Kubernetes, Docker, Tomcat, Artifactory, relational databases)
Possess wide-ranging experience in Information Security with focus on how vulnerabilities are exploited
Experienced in validating or testing vulnerabilities as part of a red team or penetration testing team
Skilled in coding and scripting in one or more languages (C/C++, Bash, Python, Perl)
Familiar with Threat Modeling and the MITRE ATT&CK Framework, and how to use them to evaluate vulnerabilities
You have a solid understanding of OWASP practices and how the OWASP top risks can be exploited
Comprehensive technical knowledge of Linux Operating Systems and how they are exploited and defended
Experienced in or working with a fast-paced, continuously evolving Security Operations team in a 24x7x365 global SOC
Experienced with a range of compliance programs such as FedRAMP, FISMA, SOC 1/2/3, PCI and ISO 9001, 27001, 27017 & 27018
Well organized, with excellent verbal and written communication skills, including poise in high-pressure situations
Ability to explain complex security issues to a business-focused audience