Common Securitization Solutions (CSS) is seeking an experienced Information Security Compliance and Vulnerability Management (C&VM) Engineer to join our team of talented professionals in Bethesda, Maryland.
How many times in your career do you get the opportunity to do something that’s never been done? To create something that will change an entire industry? CSS is building the Common Securitization Platform to issue and manage mortgage securities. We’re looking for people who can walk in two worlds – a start-up environment where development is collaborative and rapid; and a production environment where we run and monitor the performance of the platform. Longer-term, this platform could serve the entire US housing finance industry. Sound transformative? It is. Come join us and help create something remarkable.
Common Securitization Solutions (CSS) is committed to safeguarding the confidentiality, integrity and availability of the CSS platform and its data. Information Security utilizes a Risk Management Framework, based on NIST 800-53 security controls, to secure its application (MA) and infrastructure (GSS). Accordingly, a wide range of enterprise tools, balanced with processes, is utilized to support a defense-in-depth strategy.
As CSS expands and matures its information security capabilities, we are looking to hire an Information Security Compliance and Vulnerability Management Engineer responsible for effectively managing security controls with a focus on supporting all aspects of the Compliance and Vulnerability Management Programs.
We seek a self-driven, experienced and knowledgeable candidate who has a proven track record in information security engineering and operations. The candidate has not only the technical expertise but also the interpersonal skills to work collaboratively with Infrastructure, Development, Information Security, and Risk Management teams.
This individual will be working in a high-performing technical environment supported by a diverse group of knowledgeable individuals. The candidate is expected to be technically hands-on and to support Vulnerability and Compliance Management processes.
The position provides an opportunity to participate in an energetic and fast-paced environment using the latest technology and tools to build and secure a one-of-a-kind financial services processing platform running in a virtual cloud-based data-center.
Key Job Functions
Responsible for supporting the needs of the Compliance and Vulnerability Management Programs. These programs conform to standard lifecycle phases – Initiation, Discover, Assess, Mitigate and Validate. The candidate will ensure that all compliance and vulnerability management services are operating and performing within established program guidelines.
Lifecycle activities include but are not limited to inventory and monitoring of all assets, assessment and data analysis, reporting and findings remediation. Daily responsibilities also include incident response, risk and controls assessments, audit support, as well as the creation and development of documentation.
Fulfill assessments, prepare reports, and conduct read-out calls with the appropriate teams to review each vulnerability, answer questions associated with the vulnerability, and provide mitigation/remediation strategies/solutions.
Liaise directly with Information Security teams, Enterprise Risk Management and Infrastructure to create and maintain compliance standards that meet CSS security control objectives. Maintain configuration baselines in a manner determined and agreed upon by management.
Configure, maintain and operate compliance and vulnerability management tools.
Continually improve the team’s effectiveness and efficiency by enabling new security features or technologies, identifying improvements to existing processes and providing relevant reports.
Specialized Knowledge & Skills
Demonstrates technical proficiency and knowledge in information assurance, network security, computer information systems, computer science, or management information systems.
Demonstrates hands-on experience with relevant compliance and vulnerability management technologies such as Nessus, Qualys, DivvyCloud, Dome9 and Tripwire.
Familiarity with information security policies, standards, industry best practices, and frameworks (NIST 800-53, FISMA).
Knowledge of and hands-on experience with cloud-based solutions like AWS and operating systems from Red Hat and Microsoft.
Excellent interpersonal, presentation, and verbal/written skills with the ability to influence peers and management to fulfill program objectives.
Is a self-starter who adapts to change, is motivated to set personal and program goals, and proactively tracks performance.
Desirable: CISSP, CISM certification.
As a condition of employment with Common Securitization Solutions, any successful job applicant will be required to pass a pre-employment drug screen and to successfully complete a background investigation, which may also include a credit check for positions in some areas of our business.
Common Securitization Solutions is an Equal Opportunity Employer.