The Unity Security Operations team is seeking a Vulnerability Management Engineer. This role offers the opportunity to drive decisions and build processes that will be used throughout the company.
The position requires the ability to gather, correlate, rationalize, and prioritize vulnerability data from at least two types of sources: vulnerabilities that we discover within our infrastructure as a result of automated scans, and software and system vulnerability disclosures from vendors, MITRE and similar third-party sources. The Vulnerability Management team is new. As part of this team, the person filling this position will help identify, purchase, or create any necessary tools that we do not already have. Just as importantly, this person will create and document the procedures for notifying teams responsible for patching affected systems and software; socialize the mechanisms for notification; and track individual issue progress towards mitigation.
A successful applicant will not necessarily need prior experience in vulnerability management but will need to be capable of independent problem solving. Past experience in Security is a major plus, but it is more useful to have a general understanding of compute systems and how they fit together. This is an excellent opportunity to grow in the security space.
What you’ll be doing
- Build and improve standards and procedures for prioritizing vulnerabilities
- Triage and prioritize vulnerabilities from multiple scanning tools
- Build and socialize procedures for reporting vulnerabilities to the appropriate individuals/teams
- Contribute automation to the vulnerability triage & report process
- Analyze false positives and provide guidance for reducing/eliminating them
- Track and report on progress towards mitigating vulnerabilities
What we’re looking for
- Experience with one or more cloud platforms
- Proficiency with one or more scripting languages, such as Python or Ruby
- Proven ability to work with other teams within the same company
- Ability to take responsibility for an issue and run with it until the problem is solved
You might also have
- Some experience and genuine interest in other SecOps related roles, such as Security Analyst, Security Engineer, Technical Program Manager, Incident Response Lead, etc.
- Experience with scanning tools used at Unity, such as Qualys, Twistlock, Orca, and Stackrox
- Experience with a SOAR tool (such as Demisto/XSOAR)
Life at Unity
Unity (NYSE: U) is the world’s leading platform for creating and operating real-time 3D (RT3D) content. Creators, ranging from game developers to artists, architects, automotive designers, filmmakers, and others, use Unity to make their imaginations come to life. Unity is the foundation upon which the world’s most powerful digital content is created. Specifically, Unity’s platform provides a comprehensive set of software solutions to create, run and monetize interactive, real-time 2D and 3D content for mobile phones, tablets, PCs, consoles, and augmented and virtual reality devices.
In the fourth quarter of 2021, Unity had, on average, 3.9 billion monthly active end users who consumed content created or operated with its solutions. The applications developed by these creators were downloaded, on average, five billion times per month in 2021. For more information, please visit www.unity.com.
Unity is an equal opportunity employer committed to fostering an inclusive, innovative environment with the best employees. Therefore, we provide employment opportunities without regard to age, race, color, ancestry, national origin, religion, disability, sex, gender identity or expression, sexual orientation, or any other protected status in accordance with applicable law. If there are preparations or accommodations we can make to help ensure you have a comfortable and positive interview experience, please let us know.
Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Unity does not accept unsolicited headhunter and agency resumes. Unity will not pay fees to any third-party agency or company that does not have a signed agreement with Unity.