Senior Threat Vulnerability Management Engineer
Commvault in Anywhere, Massachusetts, USA Remote
Information Technologies
Full-Time
Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience. The company empowers customers to uncover, take action, and rapidly recover from cyberattacks – keeping data safe and businesses resilient. The company’s unique AI-powered platform combines best-in-class data protection, exceptional data security, advanced data intelligence, and lightning-fast recovery across any workload or cloud at the lowest TCO. For over 25 years, more than 100,000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks, improve governance, and do more with data.
What you’ll do…
• Work with both on-prem and public cloud assets and assess the technology stack from the operating system through to the code and application stack.
• Make major contributions to shaping both the technical and process aspects of the TVM lifecycle.
• Configure and operate TVM scanning platforms; analyze and triage scan results; and work with internal partners and stakeholders to drive remediation of detected vulnerabilities.
• Collect and oversee Application Security test processes executed by distributed development teams.
• Define, organize, and execute penetration test efforts to assess targeted Commvault services and information assets.
• Establish and operate KPI/KRI metrics and data trend analysis in support of management decisions.
• Develop and drive cybersecurity initiatives related to threat & vulnerability management, adhering to a ‘continuous monitoring’ and ‘continuous improvement’ thought process.
Responsibilities include but are not limited to the following:
• Day-to-Day Operation of Infrastructure Scan/Analyze/Triage/Remediate Process
    • Configure and operate TVM scanning platform.
    • Analyze and triage scan results.
    • Prepare scan metrics and reporting.
    • Work with internal stakeholders to remediate detected vulnerabilities.
    • Plan and execute focused TVM campaigns as needed.
    • Good knowledge of integrating scanning tools with other tools using connectors, and with centralized vulnerability management tools (such as Kenna, Vulcan), is preferable.
• Penetration Test Planning, Coordination & Execution
    • May be required to directly conduct penetration tests against selected Commvault services and information assets.
    • May be required to plan, direct, and coordinate 3rd party penetration test teams.
• Application Security Testing Management & Coordination
    • Monitor SAST, DAST, and penetration tests executed by DevSecOps personnel on distributed development teams.
    • Act as SME to development teams if they require assistance interpreting and remediating results.
    • Collate, merge, and analyze AppSec/Secure SDLC scan results for trends and management reporting.
• Reporting & Data Analysis
    • Establish and maintain KPIs and KRIs for the TVM Program and its components.
    • Analyze collected scan data for latent patterns around technical vulnerabilities or process deficiencies.
• Threat Picture & Industry Knowledge
    • Cyber Threat Intelligence (CTI) knowledge.
    • Maintain current awareness of security trends, emerging threats, and recent zero-day exploits.
    • Apply such knowledge to Commvault’s vulnerability picture, alerting management to specific escalated risks directly applicable to Commvault.
Education
• BA/BS Degree or equivalent work experience.
• Security Certifications—CISSP, OSCP, other penetration test certifications.
• Cloud Certifications—Azure preferred.
Experience
• 10+ years in the information security area.
• 5+ years in a technical role with hands-on technology, either on the IT side, or in Security.
• Direct experience with Active Directory, Windows, and Linux.
• Experience with one of the major public cloud providers.
• Solid knowledge of Network protocols and workings.
• Direct hands-on penetration test experience.
Soft Skills
• Leadership—the ability to “lead up” by influencing senior members of the team.
• Self-Starting & Self-Directing—ability and drive to see what needs to be done, and craft a solution.
• Communications--Ability to work with all levels of stakeholders, from low-level apprentices to senior management.
• Communications--Ability to communicate complex situations to audiences at the appropriate level of detail.
• Project Management & Coordination of cross functional/cross-departmental teams.
Process & Workflow Design
• Ability to author SOPs and processes.
Data Handling & Analysis Skills
• Ability to merge data from different sources for cross-source analysis.
• Ability to query standard relational databases (SQL).
• Ability to produce summary data analysis to drive KPIs, KRIs, and trend analysis, and to support management decisions.
Technical Skills
• Ability to configure scans and scan automation on one or more industry standard scanning platforms (Tenable, Nessus, Qualys, etc.).
• Penetration test skills (Kali Linux, Burp Suite, etc.).
• Utility Scripting or light programming—as needed to automate and integrate toolsets.
You’ll love working here because:
• Continuous professional development, product training and career pathing
• An inclusive company culture, opportunity to join our Community Guilds
• Generous Global Benefits
• Employee Stock Purchase Plan