Job Description
Job Summary
As the Manager of Vulnerability Management and Pen Testing under the Global Fusion Center US (part of Tokio Marine Holdings), you will be responsible for uncovering and mitigating evolving cyber threats through rigorous penetration testing and proactive vulnerability management methodologies. This is an exciting and unique opportunity to build a global vulnerability management and penetration testing team. This position extends beyond mere technical skills: it requires leadership, strategy formulation, building and directing a dedicated team, and effectively communicating vulnerabilities and remediation strategies across the organization.
Essential Job Functions
- Establish a global penetration testing and vulnerability management function through partnership with fusion center team leadership, including the SVP of Fusion Center and the VP, Global ISO
- Use an analytical approach to build and troubleshoot infrastructure and applications, driving risk reduction and surfacing risk posture across the organization
- Perform complex vulnerability scans in on-premises and cloud environments using common vulnerability assessment tools
- Curate and assess vulnerability data extracts to analyze and resolve false positives
- Develop reports using data that is hosted in multiple tools (e.g., dashboards) and communicate clearly to leadership and other cyber security teams
- Review and risk-assess the criticality and priority of all vulnerability scans, along with the existing toolset for prioritization
- Responsible for managing and conducting both local and remote penetration testing activities
- Lead, develop and guide a team of cyber analysts and penetration testers
- Establish and build strong working relations and partnerships with Business Units and Senior Management
- Comply with proper internal controls as necessary to conduct job functions and/or carry out responsibilities and/or administrative activities at the Company
- Perform special projects and other duties as may be assigned
Qualifications
- 5-10 years in a professional environment as part of an operational security function (vulnerability management, application testing, penetration testing)
- Minimum of 3 years on a large-scale global vulnerability management engagement
- Advanced understanding of cyber testing lifecycles (e.g., threat/penetration testing, ethical hacking) with experience contributing to the build of vulnerability and penetration testing programs
- Experience judging the priority of a vulnerability based on risk and impact
- Deep application security knowledge, with the ability to map an application vulnerability to exploitation indicators
- Sound knowledge of common infrastructure and web application vulnerability categorizations such as CVE, CVSS, CWE
- Experience managing highly technical cyber security resources or penetration testers
- Considerable experience in customer-facing roles with excellent communication skills
- At least 3-5 years working within a global cyber security function
- Industry security certification (CISSP, GPEN, OSCP) preferred
- Fluency in a foreign language is highly desirable, but not required
- Bachelor’s Degree preferred
Salary range $125,000 to $180,000. Ultimate salary offered will be based on factors such as applicant experience and geographic location. Our company offers a competitive benefits package and bonus eligibility on top of base.
Application Deadline: 6/1/2024
Additional benefits information can be found here: https://tmnas.com/benefits-at-tmnas.aspx
Summary
Manager, GFC Team