Cybersecurity Lead, Risk and Vulnerability Management
The Technical Lead - Risk and Vulnerability Management, reporting to the Director of Risk and Compliance, is responsible for the technical and operational requirements of continuous vulnerability management, the identification and assessment of information security risk, coordination with external stakeholders regarding remediation effectiveness and the coordination of day-to-day activities of the Risk team.
Additional responsibilities include:
- Conducts network, system and application vulnerability assessments, using manual and automated tools, on University systems including UNIX/Linux, Windows, cloud services, virtualization environments, network devices, databases, applications, web servers and operational technology devices.
- Conducts departmental and enterprise information technology risk assessments.
- Trains and mentors Risk Team members on operational practices and information security topics.
- Leads automation efforts in the detection, categorization, reporting and tracking of identified vulnerabilities.
- Analyzes and reports on vulnerability trends to identify areas of prioritization based on risk.
- Collaborates with engineering teams to understand vulnerability management needs and assist with remediation and mitigation strategies.
- Provides verbal and written reports on vulnerability risk to executive, business and technical stakeholders.
- Contributes to information technology vulnerability management and risk strategy.
- Maintains current knowledge of the threat landscape including attacker tactics, techniques and procedures.
- Develops functional and/or service goals that ensure conformity and uniformity with University policies within their assigned area of responsibility.
- Oversees new and existing systems and services development to include modification of existing systems.
- Evaluates user needs and implements systems and solutions to best serve the community.
- Consults with users and IT functions to diagnose and resolve complex problems.
- Serves as a liaison between area of responsibility and other areas to ensure conformity with department and University goals.
- Develops troubleshooting and problem resolution programs to ensure a high level of service and efficiency.
- Influences and collaborates with clients and ITS functions to maximize the delivery of services and solutions.
- May perform other duties as assigned.
Required Education and Experience
Bachelor's Degree in a relevant technical field and a minimum of four years of related technical experience or an equivalent combination of education and experience.
Required Skill/Ability 1:
Proven ability with vulnerability management tools such as Tenable Nessus, Qualys, Rapid7, Acunetix, ZAP, and BurpSuite.
Required Skill/Ability 2:
In-depth knowledge of infrastructure and application security concepts and tools.
Required Skill/Ability 3:
Scripting and/or programming skills.
Required Skill/Ability 4:
Excellent verbal and written communication skills and the ability to communicate risk at varying levels of the organization.
Preferred Education, Experience and Skills:
- Experience as a technical lead.
- Experience with static and dynamic application security tools, techniques and procedures.
- Experience with incident response and forensics.
- Experience as a software developer.
- Experience as a system or network administrator.
- Experience with standard information security control and compliance frameworks.
Background Check Requirements
All candidates for employment will be subject to pre-employment background screening for this position, which may include motor vehicle, DOT certification, drug testing and credit checks based on the position description and job requirements. All offers are contingent upon the successful completion of the background check. Please visit www.yale.edu/hronline/careers/screening/faqs.html for additional information on the background check requirements and process.
The intent of this job description is to provide a representative summary of the essential functions that will be required of the position and should not be construed as a declaration of specific duties and responsibilities of the particular position. Employees will be assigned specific job-related duties through their hiring departments.
Affirmative Action Statement:
Yale University considers applicants for employment without regard to, and does not discriminate on the basis of, an individual’s sex, race, color, religion, age, disability, status as a veteran, or national or ethnic origin; nor does Yale discriminate on the basis of sexual orientation or gender identity or expression. Title IX of the Education Amendments of 1972 protects people from sex discrimination in educational programs and activities at institutions that receive federal financial assistance. Questions regarding Title IX may be referred to the University’s Title IX Coordinator, at TitleIX@yale.edu, or to the U.S. Department of Education, Office for Civil Rights, 8th Floor, Five Post Office Square, Boston MA 02109-3921. Telephone: 617.289.0111, Fax: 617.289.0150, TDD: 800.877.8339, or Email: email@example.com.
Yale University is a tobacco-free campus