Security Engineer, Senior A Vulnerability Management

The Blackbaud Cyber Security team is looking for a Senior Security Vulnerability Engineer to aid in identifying, assessing risk, and communicating vulnerability information across all Blackbaud environments.

What you'll do:

As the Senior Security Vulnerability Engineer, you will work to identify Infrastructure vulnerabilities and misconfigurations in on-premises and cloud environments. Validation skills will be essential before thoroughly assessing the risk associated with the findings and then partnering with internal stakeholders to ensure communication and understanding of the risk assigned to them.

The overall goals of the Vulnerability Management team include ensuring the identification, prioritization, and reporting of all risk associated with any Blackbaud network or asset. The team is responsible for ensuring the completeness and accuracy of the data as well as driving the organizations to meet enterprise goals in reducing the attack surface.

• Implement security controls and compensating/mitigating controls for vulnerability risk
• Architect, deploy and operationalize vulnerability scanning technology platforms and designing remediation workflows
• Design and implement advanced vulnerability dashboards and executive reports
• Research vulnerabilities, scanning logic, and possible solutions

What you'll bring:

A highly motivated and experienced security practitioner who passionately eliminates security vulnerabilities by ensuring stakeholders across the business have the right resources and information to address all discovered security concerns. You have a knack for fostering effective relationships and explaining technical security information across various levels of audiences.

• 5+ years of Cyber Security experience required
• Advanced practical skills in vulnerability assessment tooling such as Crowdstrike, Tenable.io, Cisco Vulnerability Management, Qualys, Tenable CSPM, Tenable ASM etc.
• Experience with multi-cloud environments and cloud security compliance tools
• Understanding of securing and hardening operating systems, applications, and containers including frameworks that provide guidance on these subjects
• Experience with Kubernetes, APIs and Web services, including REST and SOAP
• Understanding of cyber security concepts, including threats, vulnerabilities, encryption, network security, and IAMS
• Situational awareness around industry news on software vulnerabilities, including 0-day vulnerabilities and emergency patching. As well as understanding of modern security engineering concepts and security-by-design principles.
• Familiarity with API scripting such as python and bash and an understanding of varied operation systems and network topology.