Vulnerability Remediation Lead

CoreWeave • Other US Location

Company

CoreWeave

Location

Other US Location

Type

Full Time

Job Description

CoreWeave is a specialized cloud provider, delivering a massive scale of GPU compute resources on top of the industry’s fastest and most flexible infrastructure. CoreWeave builds cloud solutions for compute-intensive use cases — VFX and rendering, machine learning and AI, batch processing, and Pixel Streaming — that are up to 35 times faster and 80% less expensive than the large, generalized public clouds. Learn more at www.coreweave.com.

CoreWeave Cyber Security is looking for an experienced and talented vulnerability lead to join their team. As part of the Cyber Security Organization at CoreWeave, you will be responsible for all facets of the SOC2 and ISO 27001 compliance assessment programs pertaining to vulnerability assessments and remediation controls. The vulnerability assessments are required to provide assurance to business & network partners that the technologies in scope for CoreWeave’s environment have been properly secured in accordance with current internal programs’ security standards. The Vulnerability Remediation Lead is responsible for coordinating and conducting cybersecurity assessments, identifying any gaps and potential threats, and working with the engineering and technology teams to carry out remediation plans. This person must be a strong communicator and comfortable collaborating with all levels of management as well as the business, infrastructure, engineering, architecture, operations, and application teams. The ideal candidate will have good customer focus, a positive attitude, and excellent interpersonal, verbal and written communication skills with a strong attention to detail.

Responsibilities include:

  • Manage the vulnerability assessment life-cycle from beginning to end. Assessment activities include pre-assessment meetings, artifact/evidence collection, assessment workflow management, cybersecurity assessment report generation and documenting risk associated with compliance issues
  • Organize network-based scans to identify possible network security vulnerabilities and host-based scans to identify vulnerabilities in workstations, servers and other network hosts
  • Record non-compliance as gaps and assist impacted technology teams to remediate them
  • Ensure new, in-scope applications are deployed in a compliant manner
  • Execute the technical cybersecurity vulnerability assessments of CoreWeave applications and/or technologies
  • Develop automated reporting dashboards within security scanning tool(s) to report on vulnerability counts, trends, etc.
  • Lead the periodic Patch Review meeting, per OS type, outlining the applicable in-scope patches and scheduling the patching/remediation plans to be conducted
  • Facilitate assessment meetings between external assessors, Business and Technology teams (Application Development, Infrastructure, Cybersecurity, etc.)
  • Provide security compliance consulting services as needed
  • Maintain accurate information and support departmental reporting needs
  • Review and define requirements for additional information security solutions
  • Ability to provide solutions to complex issues; handle multiple tasks in a fast-paced environment; set priorities; meet deadlines per project scope
  • Demonstrated ability to present complex, technical information to both technical and non-technical audiences
  • Strong time management, good technical writing, presentation, and documentation skills
  • Ability to work with minimal supervision, attention to detail, and follow-through
  • Perform other work-related duties as assigned

Requirements:

  • Educational Qualification: Bachelor's in Information Security, Computer Science, or related degree; CISSP or CISA Certification or equivalent
  • Minimum of 5 years work experience in vulnerability analysis, remediation or IT program management
  • Experience in or leading a vulnerability assessment and remediation team
  • In-depth knowledge of the industry's standards and regulations, specifically SOC 2, ISO 27001:2022, GDPR and HIPAA
  • Has any of the following certifications: Certified Intrusion Analyst (GCIA), GIAC Reverse Engineering Malware (GREM), GIAC Penetration Testing Certification (GPEN), GIAC Certified Enterprise Defender (GCED), Certified Geographic Information Systems Professional (GISP), GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), Cisco Certified Network Associate (CCNA), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), GIAC Security Essentials Certification (GSEC), Offensive Security Certified Professional (OSCP), and/or Cisco Certified Networking Professional – Security (CCNP-Security)
  • Understanding of concepts related to information security domains such as Cloud Computing, Physical security, 3rd Party Risk Management, Identity and Access Management, Data Security, Vulnerability and Patch Management, Malware Defenses, CIS Top 18 Controls
  • Integrating new technologies into existing technology portfolio
  • Collaborating with cross-functional teams, including engineering
  • Excellent knowledge of reporting procedures and record keeping
  • Ability to succeed in a team environment or work as an individual contributor

Nice-to-haves:

  • Familiarity with Linux, Windows and macOS operating systems
  • Methodical and diligent with outstanding planning abilities
  • Able to meet deadlines and handle multiple priorities
  • Strong ability to negotiate with business partners to attain successful outcomes
  • Excellent communication skills
  • Strong project management skills with the ability to manage several large projects at the same time, keeping them on scope, on budget and on time
  • Self-starter and requires minimal direction from leadership
  • Ability to present and effectively communicate with all levels of the organization
  • Flexible with the ability to multitask, effectively prioritize and work under pressure
  • Advocate of continuous improvement and industry recognized best practices

The Vulnerability Remediation Lead works standard business hours, with on-call responsibilities. CoreWeave is a fast-growth startup, and the selected candidate should be willing to be flexible about when they are needed. There will be times when the Vulnerability Remediation Lead needs to be available outside of regular business hours to support critical issues or meetings.

Why CoreWeave?

At CoreWeave we work hard, have fun, and move fast!  The company has entered a stage of hyper-growth that you will not want to miss out on.  Today, we are a small, growing team of intelligent, genuine people that value different perspectives and approaches to solving complex problems.  We live five core values: 

  • Be Curious at Your Core
  • Act Like an Owner
  • Empower Employees
  • Deliver Best-in-Class Client Experiences
  • Achieve More Together

At CoreWeave we support and encourage an entrepreneurial outlook and independent thinking.  We foster an environment that champions collaboration and prioritizes innovative solutions to complex problems.  As we get set to take off, the growth opportunities within the organization are limitless.  You will be surrounded by some of the best talent in the industry.  Come join us!   

Benefits

We offer a competitive salary and benefits, including:

  • Medical, dental and vision insurance - 100% paid for the employee
  • Life Insurance 
  • Short and long-term disability insurance 
  • Flexible Spending Account
  • Flexible, full-service childcare support with Kinside
  • 401(k) with a generous employer match
  • Flexible PTO
  • Catered lunch each day in our offices
  • Weekly massages in NJ office
  • A casual work environment
  • Work culture focused on innovative disruption

California Consumer Privacy Act - California applicants only

CoreWeave is an equal opportunity employer, committed to diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.


Date Posted

05/06/2023
