• MGR - Information Security Vulnerability

    Posted Date 3 weeks ago(11/19/2018 9:55 AM)
    Requisition ID
    Career Category
    IT & Technical Operations
    Company Employee Full-Time
  • Position Summary

    Our Team
    As Discovery’s portfolio continues to grow – around the world and across platforms – the Global Technology & Operations team is building media technology and IT systems that meet the world class standard for which Discovery is known. GT&O builds, implements and maintains the business systems and technology that are critical for delivering Discovery’s products, while articulating the long-term technology strategy that will enable Discovery’s growing pay-TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms.

    From Amsterdam to Singapore and from satellite and broadcast operations to SAP, we are driving Discovery forward on the leading edge of technology.


    The Role
    The Manager of Vulnerability Management will lead the vulnerability team and lifecycle from detection through analysis, remediation, and verification. This individual will be responsible for translating results into prioritized remediation action items for global support groups. The Manager defines a scalable strategy for staying ahead of vulnerabilities across a large scope including both on-premise and cloud environments. As such, he/she must have effective written and communication skills paired with a technical background.


    1. Work with a team of resources comprised of on-/off-shore suppliers and employees in day-to-day monitoring, supporting, maintaining and enhancing a set of vulnerability management systems
    2. Advance the VM program to keep up with the constantly changing threat and IT landscapes
    3. Manage the VM team, including 24/7 coverage to address immediate threats or security incidents
    4. Evaluate and advise the Risk Management team and business on whether to mitigate, transfer, or accept residual risk of vulnerabilities
    5. Produce complex metrics for VM via API calls, SQL, and front-end dashboard development
    6. Integrate ServiceNow into the VM workflow and reporting processes
    7. Develop and implement automated tools and scripts for TVM as needed
    8. Drive remediation of external penetration test findings
    9. Continuously analyze threat and intelligence feeds to prioritize remediation
    10. Assist in the development, maintenance, and implementation of security policies and procedures
    11. Ensure that policies and procedures are implemented and enforced through both manual and automated controls
    12. Provide management status reports and escalations on all VM requests and incidents
    13. Participate in the remediation of audit findings as needed
    14. Participate in various security activities, including special projects and documentation
    15. Able to be on call for incidents and problems as needed
    16. May perform other duties as assigned


    * One or more of the following certifications required:
         o CISSP (Certified Information Systems Security Professional)
         o IT/Security Vendor Certifications (e.g. Cisco, Microsoft, RSA)
         o GIAC/ GSEC (Global Information Assurance Certification – Security Expert)
         o GIAC/ GCIA (Global Information Assurance Certification – Certified Intrusion Analyst)
    * Strong leadership skills with a proven track record of building and growing a high performing team
    * Proficient in at least one scripting language and SQL
    * Able to conduct vulnerability testing and analysis of computers, networks, and applications
    * Able to maintain proficiency in tools, techniques, and countermeasures in network vulnerabilities
    * Able to identify, monitor, and investigate computer and network intrusions
    * Strong time management and organizational skills required, including ability to adapt to constantly changing priorities
    * Strong customer service, communication, and presentation skills required
    * BS degree in computer science or computer engineering preferred; will consider applicants with equivalent work-related experience with a minimum educational requirement of a high school diploma or GED equivalent
    * Minimum of 8-10 years of security and/or IT experience required
    * Understanding of network security systems and protocols, including firewalls, Radius and TACACS+, IPSEC and IKE, SSH, etc.
    * Ability to maintain proficiency in vulnerability and threat management best practices
    * Ability to develop and implement security procedures and controls

    * Must have the legal right to work in the United States 

    Sterling, Virginia, VA


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed