Ultimate Software is seeking an experienced Vulnerability Risk Researcher for our Global Security Vulnerability and Risk team.
This position is responsible for analyzing security vulnerabilities and determining if there is an attack surface and impact. The ideal candidate understands the full cycle of a software vulnerability, from exploitation to mitigation.
This position requires staying current with emerging technologies and vulnerabilities while managing cross-team dynamics. Attributes we will look for in our candidates include excellent technical and analytical skills, communication and flexibility, innovative thinking and problem solving.
Here at Ultimate Software, we truly put our people first. We strongly believe in teamwork, and we encourage and trust our people to reach higher, learn more, and live up to their potential. Ultimate is ranked #1 on Fortune's Best Places to Work in Technology for 2019 and #8 on the 100 Best Companies to Work For list in 2019. Ultimate is also ranked #1 on Fortune’s 75 Best Workplaces for Women and #5 on its Best Workplaces for Diversity list.
Primary/Essential Duties and Key Responsibilities:
- Maintain near real-time awareness of publicly disclosed vulnerabilities (CVEs) and potential vulnerabilities (rumors, blogs, partial public analysis).
- Maintain awareness of vulnerability information, complexity to exploit, and exploit availability or the feasibility of creating an exploit.
- Identify updates for any software asset that have even the appearance of a quietly patched security defect (e.g. release notes contain "security" or "vulnerability").
- Track private vulnerabilities (internal discovery, or nonpublished).
- Map vulnerability inventory to asset inventory.
- Determine asset susceptibility by technical means (e.g., analyzing code execution flow), usage, and asset configuration.
- Recalculate priority for risks that decrease due to exploitability limitations and threats.
- Identify and recommend appropriate measures to manage and remediate vulnerabilities, with a focus on reducing potential impacts on information resources to an acceptable level.
- Ability to prioritize vulnerabilities based on potential risks.
- Identify vulnerabilities and assess system compliance.
- Compile vulnerability and compliance reports, provide remediation recommendations, and tabulate metrics on vulnerabilities and remediation activities.
- Complete regular situational awareness reports and other reports on a recurring basis.
- Understands and advises on enterprise policies and technical standards with specific regard to vulnerability management and secure configuration.
- Liaise with stakeholders to understand, prioritize, and coordinate vulnerability remediation activities.
- Ability to fully understand business requirements and work with business partners to define appropriate solutions that meet both security mandates and business needs.
- Engage cross-divisional teams and oversee the implementation of security recommendations by leveraging appropriate communication methods, tracking remediation of identified risks, mitigation strategies, plan activities and dependencies.
- Execute responsibilities with an understanding of the Global Security vision, strategic objectives, and priorities.
- Demonstrated ability to work well independently with little input, and as a part of a team
- Advanced experience with vulnerability scanning tools and risk management reporting platforms
- Experienced in leading cross functional teams (including offsite, remote and offshore) to consensus
- Written and verbal communication skills in security assessment documentation
- Has good organizational and interpersonal skills and broad experience in interacting successfully with both technical and non-technical people
- Has sufficient knowledge and experience to adequately differentiate between vulnerabilities and false positives
- Vulnerability management
- Technical operations
- Demonstrate knowledge of IT security / hardening best practices; including but not limited to operating systems, web applications, and network devices.
- Vulnerability discovery and exploit creation
- Prior programming experience
- Experience with vulnerability management tools, Visio, JIRA
- Quantitative risk assessment experience
- Bachelor’s Degree in Information Systems, Business Administration or related discipline preferred but not required if candidate has equivalent work experience.
- Factor Analysis of Information Risk (FAIR)
- RSA Archer
- No unique physical demands are required for this job.
This job description has been written to provide an accurate reflection of the current job and to include the general nature of work performed. It is not designed to contain a comprehensive detailed inventory of all duties, responsibilities, and qualifications required of the employees assigned to the job. Management reserves the right to revise the job or require that other or different tasks be performed when circumstances change.
Ultimate Software will reasonably accommodate employees with disabilities as defined by the Rehabilitation Act of 1973, the Americans with Disabilities Act (ADA) and other appropriate statutes. If you are an applicant and need a reasonable accommodation when applying for job opportunities within the Company or request a reasonable accommodation to utilize the Company’s online employment application, please contact firstname.lastname@example.org.