Nike, Inc.:
Vulnerability Management Engineer Job in Beaverton, VT
Premium
See who posted the job
Premium
Competitive Insights
Premium
Check your commute time
Closed
Beaverton, VT
Full-time | Information Technology
About the job
Become a Part of the NIKE, Inc. Team
NIKE, Inc. does more than outfit the world's best athletes. It is a place to explore potential, obliterate boundaries and push out the edges of what can be. The company looks for people who can grow, think, dream and create. Its culture thrives by embracing diversity and rewarding imagination. The brand seeks achievers, leaders and visionaries. At Nike, it’s about each person bringing skills and passion to a challenging and constantly evolving game.
Nike, Inc. Technology is responsible for making the world’s largest sport brand run faster, smarter and more securely. From infrastructure to security and supply chain operations, Technology specialists drive growth through top-flight hardware, software and enterprise applications. Global Technology aggressively innovates solutions to drive growth while creating and implementing tools that help make everything else in the company possible.
DescriptionThe Vulnerability Management Engineer is part of the CIS Security Operations Attack Surface Management Team, that participates in the attack surface reduction of global computing assets through the identification, and assessment of vulnerabilities. This role is responsible for engineering solutions to continuously improve detection and visibility of vulnerabilities across Nike digital footprint. In addition, this role is responsible for analysis of the data generated by the vulnerability management solutions, coordination with external stakeholders regarding their remediation effectiveness and completion of day to day tasks associated with vulnerability management program.Job Responsibilities •Review security vulnerabilities across diverse technologies and rapid changing environments including on premise/cloud infrastructure to determine risk rating of vulnerabilities to business assets.•Improve and automate upon existing vulnerability management lifecycle. Included but not limited, data ingestion & normalization, compliance metrics and detections on ephemeral assets.•Work with business stakeholders to ensure remediation efforts adhere to corporate standards and policies.•Provides analysis and validation post remediation, opportunities for improvements and out of the box thinking for optimizations and solving road blocks.•Perform reoccurring and on demand scanning activities of both corporate and cloud environments utilizing enterprise platform. •Interface with other CIS organizations such as Governance, Risk and Threat Intelligence to report on program status and coordinate risk tracking.Strongly Preferred •Professional experience in Information Security.•Vulnerability & Secure Code solutions such as Tenable Nessus, Rapid7 Nexpose, Qualys, WhiteHat, HP Fortify, Veracode, AppSpider.•Intermediate to Proficient in scripting languages preferably Python.•Fundamental understanding of OWASP Top 10 Web application Security Risks•Previous experience working in large scale environments with diverse technologies including Cloud technologies.Demonstrated technical experience with:•Diverse Cloud Computing (AWS & Azure)•Understanding of Automation and Pseudocode via Python.•Network Switching and Routing (Cisco, Juniper), Familiarity of TCP/IP and associated protocols.•Understanding of Several Operating systems such as Windows Linux/UNIX Servers (Solaris, Red Hat Enterprise, Oracle Linuz).Qualifications•Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline.•3+ years of related professional experiences.•Certifications such as GIAC Security Essentials (GSEC), GIAC Web Application Penetration Tester (GWAPT)or CompTIA Security +. •Understanding of a variety of technical concepts with focus on cloud computing, automation, networking, systems administration, application development, and information security best practices.•Experience with data metrics & normalization with the ability to provide qualitative & quantitative analysis and recommendations.•Excellent verbal and written communication skills.•Excellent organizational and/or project ownership skills.•Ability to develop excellent working relationships with a variety of other enabling teams.•Excellent attention to detail, data accuracy, and data analysis.•Self-motivated and operates with a high sense of urgency and a high level of integrity. NIKE, Inc. is a growth company that looks for team members to grow with it. Nike offers a generous total rewards package, casual work environment, a diverse and inclusive culture, and an electric atmosphere for professional development. No matter the location, or the role, every Nike employee shares one galvanizing mission: To bring inspiration and innovation to every athlete* in the world.
NIKE, Inc. is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, or disability.
Job ID 00432022
NIKE, Inc. does more than outfit the world's best athletes. It is a place to explore potential, obliterate boundaries and push out the edges of what can be. The company looks for people who can grow, think, dream and create. Its culture thrives by embracing diversity and rewarding imagination. The brand seeks achievers, leaders and visionaries. At Nike, it’s about each person bringing skills and passion to a challenging and constantly evolving game.
Nike, Inc. Technology is responsible for making the world’s largest sport brand run faster, smarter and more securely. From infrastructure to security and supply chain operations, Technology specialists drive growth through top-flight hardware, software and enterprise applications. Global Technology aggressively innovates solutions to drive growth while creating and implementing tools that help make everything else in the company possible.
DescriptionThe Vulnerability Management Engineer is part of the CIS Security Operations Attack Surface Management Team, that participates in the attack surface reduction of global computing assets through the identification, and assessment of vulnerabilities. This role is responsible for engineering solutions to continuously improve detection and visibility of vulnerabilities across Nike digital footprint. In addition, this role is responsible for analysis of the data generated by the vulnerability management solutions, coordination with external stakeholders regarding their remediation effectiveness and completion of day to day tasks associated with vulnerability management program.Job Responsibilities •Review security vulnerabilities across diverse technologies and rapid changing environments including on premise/cloud infrastructure to determine risk rating of vulnerabilities to business assets.•Improve and automate upon existing vulnerability management lifecycle. Included but not limited, data ingestion & normalization, compliance metrics and detections on ephemeral assets.•Work with business stakeholders to ensure remediation efforts adhere to corporate standards and policies.•Provides analysis and validation post remediation, opportunities for improvements and out of the box thinking for optimizations and solving road blocks.•Perform reoccurring and on demand scanning activities of both corporate and cloud environments utilizing enterprise platform. •Interface with other CIS organizations such as Governance, Risk and Threat Intelligence to report on program status and coordinate risk tracking.Strongly Preferred •Professional experience in Information Security.•Vulnerability & Secure Code solutions such as Tenable Nessus, Rapid7 Nexpose, Qualys, WhiteHat, HP Fortify, Veracode, AppSpider.•Intermediate to Proficient in scripting languages preferably Python.•Fundamental understanding of OWASP Top 10 Web application Security Risks•Previous experience working in large scale environments with diverse technologies including Cloud technologies.Demonstrated technical experience with:•Diverse Cloud Computing (AWS & Azure)•Understanding of Automation and Pseudocode via Python.•Network Switching and Routing (Cisco, Juniper), Familiarity of TCP/IP and associated protocols.•Understanding of Several Operating systems such as Windows Linux/UNIX Servers (Solaris, Red Hat Enterprise, Oracle Linuz).Qualifications•Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline.•3+ years of related professional experiences.•Certifications such as GIAC Security Essentials (GSEC), GIAC Web Application Penetration Tester (GWAPT)or CompTIA Security +. •Understanding of a variety of technical concepts with focus on cloud computing, automation, networking, systems administration, application development, and information security best practices.•Experience with data metrics & normalization with the ability to provide qualitative & quantitative analysis and recommendations.•Excellent verbal and written communication skills.•Excellent organizational and/or project ownership skills.•Ability to develop excellent working relationships with a variety of other enabling teams.•Excellent attention to detail, data accuracy, and data analysis.•Self-motivated and operates with a high sense of urgency and a high level of integrity. NIKE, Inc. is a growth company that looks for team members to grow with it. Nike offers a generous total rewards package, casual work environment, a diverse and inclusive culture, and an electric atmosphere for professional development. No matter the location, or the role, every Nike employee shares one galvanizing mission: To bring inspiration and innovation to every athlete* in the world.
NIKE, Inc. is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, or disability.
Job ID 00432022