
IT Risk Mitigation Engineer II
Posted Jun 21

This is a fully remote position, open to applicants in the United States.
• Take on a vital, supportive, and technical position within the RM team.
• Aid both technical and team initiatives to refine and direct the focus and execution of remediation solutions that deliver effective, accurate, comprehensive, and actionable reporting, along with best practices configurations and timely patching.
• Collaborate with Security and IT Infrastructure to sustain or establish risk-based, actionable remediation requirements for all supported, auditable technologies.
• Leverage a wide range of technical expertise to identify and investigate vulnerabilities, subsequently partnering with the appropriate technology team to address the findings.
• Assist in or directly manage and support vulnerability management programs, which involve reviewing routine scans and assessments of the organization’s systems, networks, and applications to pinpoint security vulnerabilities.
• Resolve or help resolve information security vulnerability findings, including zero-day threats, targeted attacks, and internal or external weaknesses in IT platforms, appliances, systems, services, applications, or configurations.
• Collaborate with various teams to synchronize scanning, reporting, and tracking in alignment with industry best practices, regulations, and standards relating to vulnerability management.
• Enhance reporting maturity through automation, consolidation, and other necessary techniques.
• Conduct or assist with regular and on-demand scanning of organizational systems and cloud environments.
• Maintain comprehensive documentation regarding Velera’s threat management standards, policies, and procedures.
• An associate degree or a competency-based degree in a relevant IT discipline is preferred.
• Relevant industry certifications such as A+, Network+, Security+, CISSP, CISM, or equivalent are advantageous.
• A minimum of 2 years of experience in vulnerability management/compliance monitoring or equivalent experience is required.
• Familiarity with and/or experience in technical concepts associated with Windows and/or Linux server operating systems, cloud computing, automation, networking, and application development.
• Experience in reviewing vulnerability scans, penetration tests, network admission control, and/or SIEM systems like Nessus, Rapid7, Qualys, etc.
• Experience with IT controls monitoring for regulatory and compliance requirements.
• Understanding of vulnerability data management and reporting process automation.
• Knowledge of OWASP tools and methodologies is a plus.
• Familiarity with scripting languages (e.g., PowerShell, Python, YAML, etc.) is a plus.
• Experience with ServiceNow is beneficial.
• Practical knowledge of information security best practices.
• Practical knowledge of ITIL principles and practices.
• Competitive wages.
• Medical with telemedicine.
• Dental and Vision coverage.
• Basic and Optional Life Insurance.
• Paid Time Off (PTO).
• Maternity, Parental, and Family Care leave.
• Community Volunteer Time Off.
• 12 Paid Holidays.
• Company Paid Disability Insurance.
• 401k plan with employer match.
• Health Savings Accounts (HSA) with company contributions.
• Flexible Spending Accounts (FSA).
• Supplemental Insurance options.
• Mental Health and Well-being support through an Employee Assistance Program (EAP).
• Tuition Reimbursement.
• Wellness program.