Threat and Vulnerability Management Manager

Location: Pittsburgh

Job Type: Full Time / Permanent

The Cyber Threat and Vulnerability Service Manager contributes to the global design and implementation of security management services. This is accomplished through developing secure and resilient IT services for threat intelligence and vulnerability management. The jobholder will be responsible for overseeing service delivery to ensure continuous collection, analysis, and response to relevant cyber threat and vulnerability information. In addition, this role includes cybersecurity incident response across the enterprise. The jobholder has the authority to initiate the IT Security Incident Management Process, and to brief all levels of executive management on security topics and to execute emergency responses during cybersecurity breaches.

Major tasks and responsibilities: • Provide qualified guidance on and coordinate execution of identification, analysis, response and monitoring of cyber threat and vulnerabilities • Develop and monitor threat and vulnerability management activities • Initiate improvements, innovations and product lifecycle management • Support the cyber incident management process • Support Cyber Defense function overall including operational “security mailbox” handling support Vulnerability Management • Develop, coordinate and continuously improve a global vulnerability management service in close collaboration with other global teams • Analyze and interpret results of vulnerability management activities using standard frameworks (CVSS) • Research and investigate new and emerging vulnerabilities, to include 0Day events • Manage enterprise vulnerability assessments, including penetration tests and other independent verifications of security effectiveness. • Identify and resolve false positive findings in assessment results • Oversee delivery of cyber vulnerability services provided by 3rd parties • Partner with stakeholders to streamline, standardize and document vulnerability remediation procedures Threat Management • Research and investigate new and emerging cyber threats and vulnerabilities through participation in external security communities. • Manage the collection, analysis, and dissemination of cybersecurity threat information, including controlling the quality of intelligence suppliers.

Qualifications (Education, skills, experiences): • Master’s degree in information technology or information assurance (or related field) with minimum 5 years’ experience or B.S in IT (or related field) with minimum of 7 years’ experience • Hands on experience with identifying, analyzing, and communicating cyber threat and vulnerability information. • Experience applying threat and vulnerability analyses models, including the LM Cyber Kill Chain, the Diamond Model of Intrusion Analysis, the Mitre ATT&CK Framework and the Common Vulnerability Scoring System (CVSS) • Expertise of security concepts and best practices • Cyber security incident management experience • Intercultural experience • Exemplary verbal and written communication skills (English business fluent spoken and written) • Demonstrated ability to think strategically and perform detailed, complex analysis and data interpretation • Effective interpersonal skills, out-of-the-box thinking and ability to interface with all levels of staff • Ability to work under pressure and deal with ambiguous situations • Ability to travel globally • Proven project management experience (Preferred) • Experience in modern security tooling (e.g. EDR and SIEM) (Preferred)