Vulnerability Manager

Position Title: Vulnerability Manager

About Advanced Energy

Advanced Energy Industries, Inc. (NASDAQ: AEIS), enables design breakthroughs and drives growth for leading semiconductor and industrial customers. Our precision power and control technologies, along with our applications know-how, inspire close partnerships and innovation in thin-film and industrial manufacturing. We are proud of our rich heritage, award-winning technologies, and we value the talents and contributions of all Advanced Energy's employees worldwide.

Position Summary:

The Vulnerability Manager will be responsible for identifying, tracking, coordinating, and verifying remediation of vulnerabilities in internal and external landscapes. The individual in this role is expected to have a general understanding of many different systems, applications, and business processes across the company. The Vulnerability Manager will understand operating systems (both physical and virtualized), applications, networking and cloud infrastructure concepts, and known exploitable vulnerabilities as well as emerging threats. Working closely with the IT Infrastructure, Network, and Applications teams, the Vulnerability Manager will collaborate identification and remediation of vulnerabilities as well as the overall attack surface. The role is highly technical, and the Vulnerability Manager is expected to have a diverse understanding of cybersecurity principles, enterprise level systems, and business process dependencies. This role will stay up to date with the evolving threat landscape, potential impact, and risk on advanced technologies, as well as legacy systems and applications.

The Vulnerability Manager will take an active lead to inform, advise and collaborate with technology leadership and business units to secure the confidentiality, integrity, and availability of company assets. The manager will regularly report on the state of vulnerabilities and metrics to Information Security and IT Leadership. The ability to collaborate with multiple teams and take a pragmatic approach, while at the same time possessing a sense of urgency when required, is essential. The Vulnerability Manager will support strategic initiatives driven by Information Security and IT Leadership for short- and long-term plans to identify, protect, and reduce the attack surface across company assets. This position will report to the Director of Information Security.

Responsibilities:

• Monitor for vulnerabilities within applications, technology assets, networks, cloud services, and other elements of the threat landscape.
• Collaborate with IT and Security Operations to manage internal- and external-facing systems to identify, track and remediate system and application vulnerabilities.
• Support IT operations in remediating system and application vulnerabilities.
• Conduct continuous discovery, assessment and remediation status of in-scope vulnerabilities.
• Prioritize vulnerability remediation based on criticality, exploit probability, rating and assessed risk.
• Document, prioritize, recommend, validate and report on the state of vulnerabilities.
• Recommend tactical options to reduce attack surface, containment alternatives and impede attackers.
• Work closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to monitored threats.
• Remain current with emerging threats and share knowledge with colleagues to improve security posture.
• Define key performance indicators and metrics to illustrate efficacy and program maturity for vulnerability management.
• Maintain documentation related to vulnerability policies and procedures.
• Assist with host and application hardening (including benchmark assessments) across company-wide assets.
• Serve as a point of contact for new and existing vulnerability-related issues.
• Assist with change management operations to ensure new vulnerabilities are not introduced.
• Provide vulnerability education and guidance to stakeholders, developers, IT and business leaders as needed.
• Availability to work nonstandard business hours to respond to and mitigate critical threats.
• Perform other duties as assigned.

Qualifications:

• Bachelor's degree in cybersecurity, computer science, engineering, or a related field.
• Preferably one or more certification such as, GEVA, GSOC, CISA, CISSP.
• At least five years of experience in security operations, vulnerability management or IT Operations.
• Experience with vulnerability management across common cloud platforms.
• Understanding of Windows and *nix operating systems, endpoint applications and networking.
• Understanding of OWASP, CVSS and MITRE ATT&CK framework and the software development lifecycle.
• Capacity to comprehend complex technical infrastructure, managed services and third-party dependencies.
• Strong written and oral communication skills across varying levels of the organization.

As part of our total rewards philosophy, we believe in offering and maintaining competitive compensation and benefits programs for our employees in order to attract and retain a talented, highly engaged workforce. Our compensation programs are focused on equitable, fair pay practices including market-based base pay, an annual pay-for-performance incentive plan, we offer a strong benefits package in each of the countries in which we operate.

Advanced Energy is committed to diversity in its workforce including Equal Employment Opportunity for Minorities, Females, Protected Veterans, and Individuals with Disabilities.

We are committed to protecting and respecting your privacy. We take your privacy seriously and will only use your personal information to administer your application in accordance with the RA No also known as the Data Privacy Act of 2012.