Full Time Job

Principal Security Engineer, Vulnerability Management

Sony Pictures

Culver City, CA 08-30-2022
  • Paid
  • Full Time
  • Senior (5-10 years) Experience
Job Description
Our Vulnerability Management Operations (VMO) team uses various security tooling to identify, classify and track remediation of vulnerabilities in our information systems.

You will interact with other teams (onshore and off) to enable prioritization, escalation and remediation of vulnerabilities, as needed. You will document standards and processes related to Vulnerability Management and keep them current. The position will report to the Executive Director of Vulnerability Management.

What You'll Do:
• Conduct vulnerability scans at the desktop, network, server, database, and application (DAST & SAST) levels on both internal and external systems within this organization's enterprise
• Provide technical guidance to engineering teams regarding the impact of security issues
• Drive remediation by working with various teams
• Assist in generating asset inventory reports and identify discrepancies
• Run both internal and external penetration tests, ensuring timeliness and accuracy of reports
• Automate vulnerability scans
• Develop technical and non-technical solutions to help mitigate security risks
• Develop integrations between various tools and our VM management system
• Improve existing security processes through automation and integration
• Deliver security metrics and improvement
• Document security guidance & processes as they relate to policy
• Champion security in the organization

What you will have:
• Bachelor's degree in computer science or a technology-related field required
• 5-7+ years of experience in Information Technology
• 5-7+ years of experience in an Information Security role
• Understanding of the OWASP (Open Web Application Security Project) Top 10 vulnerabilities (most critical web vulnerabilities) and how to identify and remediate them
• Knowledge in Vulnerability Management and its related processes and procedures
• General understanding of security fundamentals (cryptography, least privilege, segregation of duties…) and general security technologies, including operating systems, network security (firewalls, VPNs, etc.), security event management, business continuity, identity management, directory services, etc.
• Knowledge of Active Directory, DDNS, Group Policy, Microsoft Windows Server and Desktop operating systems
• An understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security
• An understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• Familiarity with vulnerability management frameworks and concepts such as CVE and CVSS
• Experience with common CI/CD and software deployment automation tools
• Understanding of security management, governance, and risk
• Experience of working in an Agile (Scrum/Kanban) development environment
• Broad technical knowledge, and ability to quickly assimilate new skills
• Ability to positively influence others without direct authority towards a common purpose
• Ability to adapt to shifting priorities, demands and timelines
• Ability to work efficiently within a matrix management organization
• Excellent interpersonal, communication, presentation, and collaborative skills to work effectively with executive leadership, IT, and Information Security teams throughout the organization

Nice To Have:
• Strong experience in automation, coding and scripting languages.
• Security related certifications preferred
• CISSP – Certified Information System Security Professional
• CEH – Certified Ethical Hacker
• An understanding of PCI Compliance and EU GDPR Requirements
• Experience with IaaS, PaaS, IaC and Cloud Services such as AWS, Azure, and GCP
• Understanding and experience with container-based architectures

* Sony Pictures - CA - Culver City Area & Studios

Jobcode: Reference SBJ-r1085v-44-201-68-86-42 in your application.

Company Profile
Sony Pictures

Sony Pictures' global operations encompass motion picture production, acquisition and distribution; television production, acquisition and distribution; television networks; digital content creation and distribution; operation of studio facilities; and development of new entertainment products, services and technologies.