Chameleon Technologies is seeking a couple of Cybersecurity Operations Engineers for a role in either Issaquah, WA or Dallas, TX.
The Cybersecurity Operations Engineer will work closely with stakeholders in Security, the Business, and other leaders within the company, as well as partner with suppliers and utilize vulnerability management resources. The Engineer is responsible for the successful delivery, design, and support of the vulnerability management program. This role has specific focuses on application security, vulnerability scanning, vulnerability scan outputs, and the tools and methodologies utilized within the program. The Engineer identifies gaps and inefficiencies within the vulnerability management program, and works with the team to implement solutions. The Engineer partners with suppliers for product consideration, proof of concepts, and solution recommendations. The Engineer ensures security best practices are enforced, mentors team members, and provides consultative services to teams and stakeholders to improve the vulnerability management of their environments.
The role of every Application Security Team member is to support the overarching values and business goals of the company, including meeting legal, ethical, and regulatory obligations; protecting member, employee, and supplier privacy; and ensuring a technologically secure operating environment.
If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.
ROLE
- Develops team vision to drive new capabilities against a published roadmap, in conjunction with management.
- Formulates and directs activities that align short term goals and long term initiatives while providing accurate and timely estimates of work breakdown schedules.
- Influences and drives adoption of best practices and high quality standards throughout the division.
- Integrates diverse solution components across multiple platforms using industry standard interfaces.
- Optimizes team efficiency and performance through high level technical direction.
- Provides technical leadership in implementation of applications, strategic planning sessions, documentation of requirements, tool implementation, database query languages, and programming languages.
- Presents technical designs and solutions to executives, management, and other audiences to gain consensus and/or project approval.
- Serves as a subject matter expert for application security, vulnerability management, and vulnerability scanning.
- Supports and consults with product and development teams in the area of application security.
- Assesses applications for vulnerabilities in web UIs, mobile applications, and APIs.
- Provides manual application secure code reviews.
- Works analytically to solve both tactical and strategic problems within the vulnerability management program.
- Identifies attack surface reduction opportunities through vulnerability data analysis from enterprise custom and COTS applications.
- Identifies opportunity for process and personnel improvement to mature the vulnerability management program.
- Contributes as an active member of the Threat Exposure Management team; participates in team activities and planning in regards to improving team skills, awareness, communication, reputation, and quality of work.
- Collaborates and communicates with Compliance, Internal Audit, Business teams, and others to identify, analyze, and communicate risk; provides support around vulnerability management within their business requirements.
- Coordinates with the Incident Response team to remediate security incidents as needed.
- Understands compliance requirements that may impact security, and effectively collaborates with business areas and project teams to develop security solutions that address requirements.
- Advocates for compliance and security measures, both internally and externally, to protect corporate applications and environments.
- Works with information systems owners and administrators to understand their security needs and assists with implementing best practices and procedures consistent with our security policies.
- Maintains current knowledge of industry trends and standards; proactively pursues professional growth in the areas of technology, business knowledge, and our policies and platforms.
REQUIRED
- 3+ years’ experience in security in an enterprise environment.
- 1+ years’ experience with Azure, GCP or another cloud service.
- Understanding of software development lifecycle and integrating application security into a CI/CD pipeline.
- Experience with vulnerability management processes including scanning, reporting, and remediation planning.
- Knowledgeable in remediation activities at the code or script level, including fixing vulnerabilities or defects.
- Experienced in revision control systems and the agile process using ADO, Git, or similar agile code system functions (Pull, Fetch, Push, Sync).
- Experience working on mobile programming languages, development practices, and common bug patterns.
- Familiar with application vulnerability/security frameworks and standards such as OWASP Top 10, SANS Top 20, CVE, CWE, CVSS, etc.
- Demonstrates strong verbal and written communication skills.
The salary range for this role is $155k-$210k base DOE.
