Director - Threat & Vulnerability Management


Job Description

Job Details

As a leader of the Threat and Vulnerability Management [TVM] Team, you will be focused on operational efficiency behind deployment, maintenance, and performance of services supporting vulnerability scanning of Salesforce assets hosted on public cloud (Azure, AWS, and/or GCP).

To be a great fit for this position, you should have experience with supporting mature vulnerability management programs, with securing public cloud environments, and with leading a small team.We are looking for fellow team members that will demonstrate proficiency with adjusting security control implementation strategies for large, ephemeral, and containerized workloads. Experience with vulnerability and configuration scanning products, enterprise-wide implementations, and passion for security with an ability to deliver results is the perfect mix!

Here’s what you’ll do:

Learn and adapt to Salesforce security strategies, security goals, security objectives and security capabilities to provide a mature and effective vulnerability detection methodology

Implement and maintain enterprise-wide vulnerability management infrastructure and platform across first party and public cloud environments

Provide strategies on vulnerability, configuration, and cloud security scanning

Advise on policy creation based on industry benchmarks and Salesforce security practices

Provide technical authority, vision, and guidance to ensure the continued evolution of Salesforce’s (TVM) program

Monitor endpoint security trends and emerging security threats and recommend changes to policy, procedures and tools

Establish strong working relationships with different parts of the business to provide guidance on remediation of findings

Drive operational efficiency and effectiveness for areas of responsibility

Ensure strong documentation, knowledge overlaps, metrics-driven action, emphasize on automation and scalable solutions

Provide direct or indirect management to a team of security professionals to solve complex issues

Work cross-functionally with product management and distributed systems engineering teams to complete large scale projects with impact across the company

Help team members grow in their respective career paths, provide mentorship and guidance

Motivate and champion a strong team culture

Adapt to change quickly and eagerly: changing requirements, changing priorities, changing strategies

Advocate security and secure practices throughout Salesforce

Here’s what you’ll need:

Minimum of a B.S. in Computer Science, MIS, or related degree and seven (7) years of relevant experience including management or leadership experience or a combination of education, training and experience

2+ years of security experience

2+ years of public cloud experience

Thought leader, articulate, consensus builder, and who is persuasive with a demonstrated ability to serve as an effective member of the senior management team and communicate information security-related concepts to a broad range of technical and non-technical team members at all levels of the organization

Experience managing a Vulnerability Management or security related program

Strong working knowledge of Vulnerability Management and Security Testing lifecycles, processes, and procedures

Experience with Cloud Security and deploying enterprise-wide controls in Azure (AWS and/or GCP are a plus)

Experience managing client-server architectures

Strong problem-solving and analytical skills and demonstrate poise and ability to act calmly and competently in high-pressure, high-stress situations

Experience troubleshooting issues and providing customer support

Ability to self-motivate when given strategic goals

Ability to translate strategic or operational goals to technical and tactical requirements and architectures

Fundamental understanding of accepted security practices, known attack vectors, and vulnerability assessment methodologies

Strong written and verbal communications (+ asynchronously when working with global teams)

Strong operational knowledge of Linux (scripting is a major plus)

Strong understanding of Information Security principles and technologies

Experience with networks, firewalls, endpoint protection, log management, patch management, and Active Directory

Familiarity with industry blogs, key publications in the field of security, and awareness of any recent significant security events

Security certificates are a plus

FindTheBestJob is a free service and does not charge a fee at any stage of application or recruitment process. Don’t provide your bank account or credit card details to anyone during job application. FindTheBestJob does not guarantee the availability of a job since organizations may end applications earlier than due date.

Apply Now