Location:RTP, North Carolina, US
Area of InterestSecurity
Technology InterestInternet of Everything, Networking, Security
What You'll Do
This role is accountable for investigating, assessing, and monitoring active and potential security vulnerabilities. You will provide on-call and operational response to high-impact vulnerabilities and respond in real-time.
Once vulnerability scans or assessments are complete, you will analyze the vulnerability reports to ensure data accuracy, provide technical vulnerability analysis, and to identify remediation options. After communication of the findings, you will track remediation progress and creating actionable reports.
Other responsibilities include:
- Monitoring public and proprietary threat intelligence sources for vulnerability information
- Support security programs with vulnerability assessment, communication, and remediation
- Assist engineers in troubleshooting and gathering data required to perform remediation
Who You'll Work With
It is an exciting time in Cisco's Security & Trust Organization, as the organization evolves its mission ‘to enable a Cisco that secures itself, its ecosystem, and the industry, using the Cisco on Cisco prograand industry leading practices'.
The S&TO Vulnerability Management team supports this mission as one of the teams that protects Cisco.
Who You Are
The ideal candidate for this Vulnerability Manager position has a solid understanding of Information Technology, Information/Cyber Security, the vulnerability landscape and can apply that knowledge to solve problems at the scale of Cisco.
A Cisco Vulnerability Manager can analyze, reproduce, and develop mitigations or remediation actions for host, application, and network vulnerabilities.
This role prioritizes identified vulnerabilities based upon severity, operational impacts, and business priorities, whether found in on-premises, remote or cloud systems.
Experience & Requirements
- Experience with various vulnerability assessment and management solutions (e.g., Qualys, Tenable, Rapid7)
- Ability to use manual tools to re-create and evaluate vulnerabilities (e.g., nmap, Metasploit, Burp Suite, OWASP-ZAP)
- Knowledge of cyber incident handling processes and procedures
- Technical understanding of CVSS, OWASP Top 10 and vulnerability exploitability ratings
- Beginner-to-intermediate capability in a scripting language (e.g. Python, Bash, Perl)
- Demonstrated ability to collaborate cross-functionally with teams in a fast-moving and dynamic business environment
- Capability to work well within a globally distributed network of colleagues
- Excellent communication and analytical skills
- A good team player; ambitious and eager to grow while maintaining high ethical standards and respect for colleagues
- At least 4 years professional IT or Information Security experience
- Bachelor's Degree or equivalent experience; Computer Science, Information Security, GRC (Security Governance Risk and Compliance)
We Are Cisco
#WeAreCisco, where each person is unique, but we bring our talents to work as a team and make a difference. Here’s how we do it.
We embrace digital, and help our customers implement change in their digital businesses. Some may think we’re “old” (30 years strong!) and only about hardware, but we’re also a software company. And a security company. An AI/Machine Learning company. We even invented an intuitive network that adapts, predicts, learns, and protects. No other company can do what we do – you can’t put us in a box!
But “Digital Transformation” is an empty buzz phrase without a culture that allows for innovation, creativity, and yes, even failure (if you learn from it.)
Day to day, we focus on the give and take. We give our best, we give our egos a break and we give of ourselves (because giving back is built into our DNA.) We take accountability, we take bold steps, and we take difference to heart. Because without diversity of thought and a commitment to equality for all, there is no moving forward.
So, you have colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool.
The health and safety of Cisco's employees, customers, and partners is a top priority. Our goal is to protect and mitigate the spread of COVID-19 infection for strong business resiliency during the pandemic. Therefore, Cisco may require new hires to be fully vaccinated against COVID-19 if the role requires business-related travel, meeting with customers/partners (including visiting third-party sites on behalf of Cisco), attending trade events, and Cisco office entry, unless otherwise prohibited by applicable law, and in countries where COVID-19 vaccination is legally required. The company will consider legally required accommodations/exceptions for medical, religious, and other reasons as per the requirements of the role and in accordance with applicable law. Additional information will be provided to candidates about the requirements and accommodation process at the offer time based on region.