Sec Remediation Engineer

There's a strong connection here.
Full Time Maryland Heights, Missouri Posted 05/17/2022 Business unit: Corporate - CCL - CORPL Areas of interest: Cybersecurity, Information Technology Requisition Number: 311736BR ISE348
Lead internal teams through risk registry, scope registry, and exception management processes and procedures by categorizing findings to provide solutions that leverage industry and technical expertise in order to remediate the security risk. Guide stakeholders (business leaders, business process owners and product owners) in decisions for remediation of security risks and control gaps. This position will also be responsible for identifying opportunities for organization to remediate security gaps and improve business performance. In addition, this role will apply the concepts of Enterprise Risk Management to help organization identify, assess, and mitigate emerging risks.

Actively and consistently supports all efforts to simplify and enhance the customer experience.
  • Analyze findings discovered through risk assessments conducted by internal teams in order to manage risk registry process and procedures to categorize security risk.
  • Define security controls and processes and propose recommendations to remediate security risk and control gaps/solutions.
  • Prioritize findings in risk registry, collate supporting data, and determine risk tolerance in order to build solution with appropriate fix agents (internal IT teams) needed to remediate findings.
  • Conduct client meetings (to include product owners, leadership, executive owners, and risk groups) to communicate a broad range of services to include commencing risk registry process, defining scope and scope registry process, solutions to remediate risk, and managing exceptions to defined risk tolerance.
  • Present prioritized security risks and solutions from Risk Registry to leadership groups within departments (business owners, product owners and support functions of the organization) balancing security risk tolerance and business needs as vulnerabilities are detected.
  • Configure scope of finding from the Risk registry process in order to define, recommend, and orchestrate internal (IT Security) and external (fix agents) workflows, processes, and procedures needed to remediate security risk through scope registry process.
  • Manage relationships of various product owners throughout scope registry process in order to determine proper scope of each remedy requested.
  • Create workflows using defined analytics and business logic to liaise with internal technical teams (fix agents) to communicate plan to remediate vulnerability detected.
  • Orchestrate all components throughout project with fix agents until closure of the risk is determined.
  • Prepare, liaise, and manage engagements where exception management is requested for a risk finding.
  • Prepare concise analytics and documentation to quantify risk by comparing risk findings identified to the enterprise risk matrix components and definitions to properly categorize risk (high, medium, or low risk) as part of exception management process.
  • Identify opportunities proactively to remediate security gaps to improve business or department performance.
  • Develop meaningful metrics and reporting on findings to reflect true posture of the environment to present to organization, allowing for educated decision making based on risk.
  • Research methods to improve security remediation program and security infrastructure processes to be more effective and efficient to include implementing current security practices in industry.
  • Identify, assess, and mitigate emerging risks using concepts and methodologies under Enterprise Risk Management methods used by organization.
  • Maintain deep subject matter expertise of current threat, vulnerabilities, attacks and countermeasures in order to respond effectively to findings.
  • Provide training to team members on Risk Registry, Scope Registry, and Exception Management processes to determine findings, scope, and plans for remediation.

Required Skills/Abilities and Knowledge

Ability to read, write, speak and understand English
  • Knowledge of performing IT Risk & Security assessments across a broad range of technologies, leveraging thorough technical and operational knowledge of Information Security best practices and industry standards
  • Knowledge of various operating systems (Window, UNIX, Linux, AIX, etc.) with an emphasis on vulnerability assessment and hardening.
  • Knowledge of at least one scripting language
  • Knowledge of Common Vulnerability Scoring System (CVSS)
  • Knowledge of ethical hacking and exploitation
  • Basic knowledge of technical aspects of the following areas: IT Audits, IT Risk Management, Information Security and/or Technical Privacy. Basic working knowledge of planning and executing remediation projects in one or more of the following areas: Information Security, Risk Management, Technical Privacy/Compliance, IT Security Audit, and / or IT Risk Management.
  • Basic knowledge of Internal and External Audit practices and/or knowledge of Information Security practices in a professional services firm or large enterprise.
  • Basic knowledge of utilization of network and application security assessment tools and methodologies to manage and address security and control issues with the following technologies: UNIX, Windows Servers, databases (Oracle, SQL, DB2, etc), mainframe, firewalls, routers, wireless environments, mobile devices, and cloud computing.
  • Basic understanding of Information Security strategy, organization, policy and Governance fundamentals.
  • Knowledge and experience required in the areas of security assessment and vulnerability scanning, risk based threat analysis, and security mitigation techniques
  • Experience with Vulnerability Scanner a plus
  • Ability to present technical concepts to non-technical audiences
  • Ability to be adaptable and flexible while working in a dynamic environment
  • Foster and maintain relationships with key stakeholders, departmental leadership, and business partners
  • Excellent oral and written communications skills

Required Education
Bachelor’s degree in BA or BS Management Information Systems, Computer Science, Accounting, and /or business related discipline, or equivalent work experience
One of the following or equivalent certifications required:
-Information Systems Security Professional (CISSP)
-Certified Information Security Manager (CISM)
-Certified Information Systems Auditor (CISA) certifications
-Certified Ethical Hacker (CEH) or other security, risk, or audit professional related certifications

Required Related Work Experience and Number of Years
IT Security and/or Corporate Risk Work experience - 4+
IT Risk Management, Vulnerability, Ethical Hacking, and/or IT Internal Audit including experience in Information Security & Technical Privacy.

Office environment

ISE348 311736 311736BR

Get to Know Us Charter Communications is known in the United States by our Spectrum brands, including: Spectrum Internet®, TV, Mobile and Voice, Spectrum Networks, Spectrum Enterprise and Spectrum Reach. When you join us, you’re joining a strong community of more than 93,000 individuals working together to serve more than 32 million customers in 41 states and keep them connected to what matters most. Watch this video to learn more.

Who You Are Matters Here We’re committed to growing a workforce that reflects our communities, and providing equal opportunities for employment and advancement. EOE, including disability/vets. Learn about our inclusive culture.

Related jobs

View All of Our Available Opportunities

Sign up for job alerts

Sign up to receive the latest career opportunities directly to your inbox. All fields marked with an asterisk (*) are required.

Areas of interestEnter a location and a category, and click "Add" to create your Job Alert.

  • Cybersecurity, Maryland Heights, Missouri, United StatesRemove
  • Information Technology, Maryland Heights, Missouri, United StatesRemove

Spectrum employeeAre you currently a Spectrum employee?

There's a strong connection here.