Vulnerability Management Engineer

Job Description

Your Platform

Activision Blizzard plays a centralized role in the creation of epic entertainment by supporting our interactive gaming brands and studios with a diverse range of career opportunities across corporate functions such as Marketing, Communications, Legal, Human Resources, Finance and Supply Chain. Located in our global headquarters in Santa Monica, we encompass equal parts agility, creativity and rigor to enhance the employee and player experience. To learn more, check us out at www.activisionblizzard.com or on Twitter at @ATVI_AB.

Your Mission

Activision, the publisher of the hit Call of Duty franchise, is looking for a passionate security analyst to join our Activision Blizzard King (ABK) Security Vulnerability Management team. If you are an avid gamer with a vulnerability management background, come be a part of our team. The Vulnerability Management team is supporting all our business partner teams to identify vulnerabilities affecting any of the assets of the organization. You will work closely with the rest of the Vulnerability Management team for coordinating communications for incoming new vulnerabilities, detecting, triaging, prioritizing, reporting and helping to patch vulnerabilities affecting any of the resources inside the business.

You will also be responsible for building and maintaining metrics and KPIs for vulnerability management, that include scan coverage or compliance against our defined SLAs. The entire team is also involved in cooperation with any other teams to help patch and prevent vulnerabilities.

This role reports into the Director, Offensive Operations and maintains strong relationships with all line-of-business technology groups. You will work closely with several key individuals and teams and will be part of a talented team of security engineers who demonstrate superb technical competency, contributing to make our infrastructure as secure as possible. Qualified candidates will have a background in IT, computer, security systems analysis and engineering.

Priorities can often change in a fast-paced environment like ours, so this role includes, but is not limited to, the following responsibilities:
• Review any recent vulnerabilities made public to ensure ABK address the risk, prioritizes and coordinate efforts between multiple teams to address them in a timely manner
• Become the main point of contact for inquiries about vulnerabilities and vulnerability-related tickets
• Provide the technology teams with help regarding vulnerabilities, this being risk evaluation, patching, etc.
• Prepare security related assessment reports with clearly documented findings and recommendations
• Ensure that all ABK assets are in scope and scanned according to the policies
• Identify gaps in our current processes, workflows and design architectures and recommend changes or enhancements as needed
• Work with other teams to drive new projects
• Act as an advocate for security and the team in all tasks and engagements, not just vulnerability management specific

Player Profile

Minimum Requirements:
• Organized mindset, to help the team coordinate efforts and to build playbooks that will be leading ABK actions
• Strong ability to understand vulnerability ratings, criticality and impact
• Solid understanding of vulnerability management processes.
• Experience hardening clients, servers and networks services
• Deep knowledge about vulnerabilities, impact and risk associated with them
• Excellent knowledge of cloud security best practices and solutions in cloud security posture management.
• Experience in Cloud Services like Google Cloud, AWS, Azure
• Experience defining Identity and Access Management frameworks
• Experience with network technologies, security, and monitoring tools
• Hands-on experience with log collection, normalizing, and management; security infrastructure and policies; and risk mitigation
• Thorough understanding of the latest security principles, techniques, and protocols
• Ability to problem solve independently and collaborate as a team to solve complex problems in support of the team's mission
• Proven experience in installing, configuring, and troubleshooting Microsoft Windows and/or UNIX/Linux based environments
• Knowledge of industry best practices for foundational security elements including network devices and system-level hardening

Extra Points:
• Proven work experience as a system engineer or information security engineer
• Detailed technical knowledge of operating systems and security
• Knowledge of containerization software: Docker, Kubernetes
• Knowledge of shell scripting, Python, Perl
• Knowledge of Security Orchestration Automation and Response (SOAR) products.

Jobcode: Reference SBJ-gm914m-18-220-66-151-42 in your application.