Senior Manager - Vulnerability Management

The ideal candidate will ensure that all Verisign network and host assets are appropriately scanned using internal and external vulnerability tools. When appropriate, the candidate may adjust the applicability or CVSS scoring of a particular vulnerability to reflect the potential impact or risk to Verisign's environment. The candidate will be responsible for ensuring vulnerabilities are remediated in a timely manner by system owners.

This position will be a central point of contact for the entire organization to understand risks. They will work closely with system owners to understand and interpret the results, which may include investigations to understand how a particular vulnerability impacts Verisign products and services. Systems owners may reach out to investigate whether a particular vulnerability is accurate or a false positive. The candidate will be responsible for preparing reports that illustrate the risk to each team within the organization.

Responsibilities

• Review and monitor existing network, systems, and applications for compliance with company security standards.
• Articulate risk and impact to IT leaders, effectively convey the urgency and need to remediate a vulnerability commensurate with the risk it presents.
• Promote awareness of information security throughout the enterprise.
• Lead and drive remediation efforts within IT & Security environments.
• Define and report program roadmap, status, development issues, and success metrics.
• Collaborate with internal stakeholders to manage remediation efforts.
• Develop and maintain Plans of Action and Milestones corrective actions for audit findings.
• Conduct regular vulnerability scans to ensure systems are meeting risk management requirements.
• Ensure all internal and external systems are completely and thoroughly scanned, as necessary.
• Configuration and monitoring of automated tools for ensuring compliance with company security standards.
• Develop and maintain program reporting to track program health and assist stakeholders with prioritization of remediation efforts.

Requirements

• Understanding of CVSS and EPSS scoring models.
• Strong knowledge of a wide variety of technologies, including operating systems, network devices, firewalls, applications, databases, and protocols.
• Experience with security tools like Tenable, Nessus, Qualys, Wireshark, and Nmap.
• Experience working across multiple units of an organization.
• Experience with Splunk and Service Now.
• Experience managing direct reports.
• Understanding of ITIL concepts to include Incident and change management best practices.
• Experience assisting with writing, reviewing and updating team procedures and documentation.
• Solid understanding and knowledge of cloud technologies, OWASP tools/methodologies and security attack vectors.
• Strong troubleshooting skills; ability to diagnose and problem solve technical issues.

Education and experience

• Bachelor's degree and 8 + years' professional experience, or equivalent work experience
• 8+ years' systems experience
• 4+ years' information security experience
• 4+ years' people management experience

This position is based in our Reston, VA office and offers a flexible, hybrid work schedule

The pay range is $160,300 - $216,900.

The anticipated annual base salary range for this position is noted above, however, base pay offered may vary depending on job-related knowledge, skills, experience. Verisign offers a discretionary bonus which is based on individual and company performance, and certain roles may be eligible for discretionary stock awards.