As Director of Vulnerability Assessment and Intelligence you will be responsible for developing and managing a high quality vulnerability management program that provides comprehensive vulnerability collection, assessment, triage and response capabilities at scale across Salesforce and acquisitions. You will build meaningful relationships with teams and management in many Salesforce business units and drive meaningful security posture improvement through accurate/honest vulnerability metrics reporting in a pull based model. You will be the all seeing eye which knows the entirety of our attack surface and its past, present and future security posture.
Watch: Career Advice
Understand the current vulnerability management program, tools, technology and team.
Develop plans with executive management to enhance the current vulnerability management program.
Expand vulnerability assessment coverage breadth to new business units.
Expand vulnerability assessment coverage depth by adding new tooling to the vulnerability management portfolio.
Develop a centralized data consolidation and analysis system for all vulnerability data.
Develop a communication plan for vulnerability data leveraging a pull based model.
Work with management to develop long term strategy, annual plan and tactical plan for the vulnerability assessment and intelligence program.
Develop and contribute novel vulnerability management tools and software and contribute to open source.
Build a world class team of vulnerability assessment engineers and vulnerability assessment and triage experts.
Minimum Qualifications:
BS/MS degree, or relevant work experience
Experience with common vulnerability management tooling at scale
Experience managing a small team of six to ten engineers
Experience developing strategic and tactical team plans
Experience working with executive management
Infrastructure and application level vulnerability assessment and pen testing experience
Expert knowledge in computer and network security
Extensive knowledge of the OWASP Top 10 and CWE Top 25
Desired Skills and Credentials:
Desired Skills and Credentials:
Ability to self motivate when given strategic goals
Excellent organizational and communication skills
Ability to get things done in large organizations
Ability to recruit talent and build great teams
Experience managing sizeable infrastructure deployments
Experience managing and developing open source software and tooling
Experience in software development, Java, Perl, Python, Ruby, etc....
Information security certifications, GPEN, OSCP, OSCE, OSWE, CEH, CISSP
Send To A Friend
Posts
