|Company||United Community Bank|
|Location||Franklin, TN; Greenville, SC; Huntsville, AL|
|Preferred GIAC Certifications||GSEC|
Job Title: Senior Vulnerability / SCCM Engineer
Reports To: Manager, Vulnerability Management
Direct Reports: N/A
The Senior Vulnerability /SCCM Engineer is responsible for supporting the IT Hygiene Program including Vulnerability Management and Configuration Assurance functions. This role will join a team that is responsible for the identification, prioritization, tracking, and remediation of vulnerabilities for all assets (endpoints, network elements, routers, firewalls).
EDUCATION AND EXPERIENCE REQUIREMENTS
• 10 years’ expertise in technology with a focus on vulnerability and configuration management tools preferred
• Bachelor’s degree in Computer Science, Information Technology, or similarly applicable field
• Deep knowledge of cybersecurity concepts and methods including, but not limited to secure configuration management, data protection, security monitoring, incident response, patch management, governance, enterprise security strategies and architecture
• Exceptional communication skills – both written and verbal
• Deep experience in vulnerability management approaches and technologies
• Deep experience with endpoint and network vulnerability scanning tools
• Deep experience with patch management tools preferably Microsoft SCCM
• Experience with a risk-based approach to prioritizing vulnerabilities
• Ability to clearly articulate messages to a variety of audiences at all levels of the organization which includes the ability to articulate complex technical issues to a non-technical audience
• Participate in all required compliance training, including Bank Secrecy Act/anti-money laundering training, as well as internal and external training programs, online training, meetings, and seminars/conferences, etc.
• Support vulnerability identification and remediation across business systems, to include network, cloud, server, endpoint, and mobile assets
• Use vulnerability scanning platforms to conduct routine and on-demand vulnerability scans
• Ensure automated routine scans consistently assess patch and configuration compliance
• Develop vulnerability remediation projects for enterprise infrastructure components and cloud environments
• Validate vulnerabilities and prioritize remediation activities based on risk-levels and policy and standards
• Assess vulnerability patching effectiveness through metrics and key performance indicators (KPIs) to measure patching priorities and make program adjustments
• Regularly meet with IT Operations, DevOps, and Security Teams to monitor patch priorities and cadence
• Triage and formulate remediation plans and/or compensating controls for newly identified vulnerabilities
• Refine vulnerability scanning tools, documentation, processes, and techniques to assist in remediation of security vulnerabilities; provide advice on courses of actions for system and application owners for patching priorities
• Manage tools and processes to identify vulnerabilities, prioritize and track to ensure timely and risk-based mitigation
• Identify best practice systems configurations and monitor to ensure continuously secure systems based on company requirements and industry standards
• Partner with technology and security teams to align practices and tools, leveraging automation where possible to execute identification, notification, and mitigation
• Continuously evaluate the technology and risk landscape to identify best practice configurations, tools, and process improvement
• Articulate state of the program with key metrics, top risks for practitioner and executive consumption
• Periodically evaluate relevant policies, standards, and controls to calibrate to current environment
• Other duties as assigned
Franklin, TN or Greenville, SC or Huntsville, AL
This is a full-time position that requires schedule flexibility to work evenings and weekends as needed.
This position requires up to 10% travel.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state or local protected class.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
The job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Other duties, responsibilities and activities may change or be assigned at any time with or without notice.