The Vulnerability Management (VM) program focuses on addressing vulnerabilities across the entire development lifecycle: design, coding, deployment and runtime. The program develops and operates platforms for identifying, classifying, scanning, and reporting security vulnerabilities in all RiteAid assets across the company's cloud infrastructure and applications.
The Security Engineering Director is hiring a principal-level engineer to lead the development and operations of its vulnerability management program, finding and remediating vulnerabilities both in software artefacts during the software development lifecycle and in all RiteAid assets.
Develop short- and long-term program and product strategies in partnership with product management and other engineering teams.
Build the vulnerability management capabilities for both Application Vulnerability Management as well as Systems Vulnerability Management.
Responsible for identifying, categorizing, reporting and remediating vulnerabilities across all our environments, whether on systems, networks, applications, web applications or code.
Responsible for driving down the risk associated with identified vulnerabilities by giving other engineering teams a clear way of patching and fixing them.
Bachelor’s Degree in Arts/Sciences (BA/BS) Computer Science / Engineering required.
Master’s degree in Arts/Sciences (MA/MS) Computer Science/Engineering preferred.
7 years of experience in vulnerability management, including 3+ years’ experience in a high-availability 24/7 environment required.
Hands-on experience with different vulnerability management programs.
Vulnerability Management: strong knowledge and experience in managing both the web application vulnerability management lifecycle and the systems vulnerability management lifecycle.
Platform development: proven track record of designing, coding and delivering large-scale PaaS or IaaS systems, especially on public cloud substrates (AWS/GCP).
Programming: proficiency in object-oriented and multi-threaded programming to support code reviews and guide engineers, in at least one of the following languages: Golang, Java, C++, Python.
Security: strong knowledge of security fundamentals: authentication/authorization frameworks (e.g., SSO, SAML, OAuth), secure transport (e.g., SSL, TLS), identity management (e.g., certificates, PKI), vulnerability management.
DevOps mindset and strong ownership of owned code (test, monitor, deploy, maintain).
Team: ability to lead, motivate and grow teams of developers in a challenging, dynamic and global environment.