Senior Security Engineer, OT Vulnerability Management

Open the door to a groundbreaking tech career with an industry leader. Southern Glazer’s Wine & Spirits is North America’s preeminent wine and spirits distributor, as well as a family-owned, privately held company with a 50+ year legacy of success. To create a new era in alcohol beverage sales and service, we’re heavily invested in the most transformative new technologies – and the most brilliant tech professionals. Southern Glazer’s was named by Newsweek as a Most Loved Workplace and is included on the Forbes lists for Largest Private Companies and Best Employers for Diversity.

As a full-time employee, you can choose from a full menu of our Top Shelf Benefits, including comprehensive medical and prescription drug coverage, dental and vision plans, tax-saving Flexible Spending Accounts, disability coverage, life insurance plans, and a 401(k) plan. We also offer tuition reimbursement, a wellness program, parental leave, vacation accrual, paid sick leave, and more.

We offer continuous learning and career growth in a fast-paced environment where you are respected, your voice is heard, and technology is part of our strategy for success. If you’re looking to fill your glass with opportunity, come join our FAMILY.

Overview

The Senior Engineer, OT Vulnerability Management is responsible for evaluating, rating, and performing vulnerability assessments on assets within operational technology (OT) environments. Responsibilities include conducting vulnerability assessments, analyzing risks, and working closely with cross-functional teams to implement strategies for patch management to mitigate vulnerabilities. The ideal candidate will be a strong leader of people with exceptional understanding and subject matter expertise in OT vulnerability management strategies. They will manage Enterprise and OT-specific vulnerability scanners, as well as create and present meaningful reports to assist teams responsible for addressing vulnerabilities.

Specialized Skills and Technologies

• Excellent Vulnerability Management skill set
• In-depth knowledge of OT-specific and Enterprise vulnerability scanners
• Able to assess a vulnerability without scanners if needed
• Able to perform OT assessments
• Able to deploy OT vulnerability management hardware/software
• 3 or more years of experience with utilizing, and managing, an Enterprise vulnerability scanner such as Nessus, Nexpose, Qualys, etc.
• 5 or more years of experience with utilizing and managing an OT-specific vulnerability scanner

Primary Responsibilities

• Lead regular vulnerability assessments of OT systems, networks, and devices to identify risks to the business
• Develop information security policies, standards, and procedures for the OT Vulnerability Management program
• Deploy, manage, and maintain OT Vulnerability Management hardware and software used in the OT environment
• Coordinate with teams and business partners regarding OT Vulnerability Management best practices for on premise and cloud-based solutions
• Manage and monitor newly announced vulnerabilities and CVEs specific to OT environments
• Integrate threat intelligence into vulnerability management processes to proactively address security risks
• Serve as the OT Vulnerability Management expert and trusted advisor
• Address vulnerabilities quickly and efficiently while ensuring little to no impact to the business
• Develop strategies for the deployment of security patches, updates, and configurations to mitigate identified vulnerabilities
• Develop and maintain OT-specific incident response plans that define detection, analyzing, and respond to security incidents with OT-environments and their systems
• Coordinate with other incident response teams
• Must be willing to participate in an on-call rotational schedule
• Work closely with internal teams and OT vendors to assess and address security risks on OT systems
• Assist with Enterprise vulnerability management

Preferred Qualifications

• Master’s Degree
• Active CISSP or other related certifications
• OT related certifications

Minimum Qualifications

• Bachelor’s Degree
• 7 or more years of work experience in IT
• 5 or more years of experience in OT vulnerability management
• Ability to create and influence a Vulnerability Management program at the enterprise level
• Relevant industry experience with a technical background
• Experience deploying OT vulnerability management tools
• Excellent understanding of Windows and Linux operating systems
• Experience with Vulnerability Management methodology
• Deep understanding of OT environments mandatory
• Ability to work with third-party vendors to ensure vulnerabilities are addressed in their applications and/or systems
• Must understand all aspects of an OT environment to include networking, systems, and applications
• Continually follow the threat landscape to stay on top of the latest OT-related vulnerabilities
• Work effectively with technical and non-technical partners in a cross-functional setting
• Effective team player with technical and non-technical personnel in a cross-functional setting
• Must be willing to perform OT environment activities in specified time windows that may include after-hours
• Strong balance of business acumen and technology knowledge
• Excellent verbal/written communication skills
• Self-starter and motivated with deep attention to detail
• Strong team player who can work across multiple functions and lead peers, excellent listener and collaborator who partners closely with others
• Establish and communicate clear priorities and sense of direction
• Express ideas in a clear, fluent, and concise manner to both technical, and non-technical audiences
• Act as a mentor to other members of the team
• Critical thinker, Facilitator, Problem solver
• Excellent time management skills
• Results-oriented, Strategic Thinker
• Good quantitative analysis skills
• Excellent customer service skills in all interactions with internal and external customers, including but not limited to partners from other divisions, vendors, suppliers, across all areas of the business
• Strong planning and organizational skills to work in a fast-paced environment and manage multiple priorities

Agile Delivery Values

• Openness – Team and stakeholders agree to be open about all work and challenges
• Commitment – Personally commit to achieving the goals of the team
• Respect – Respect your team members to be capable and independent
• Courage – You have courage to do the right thing and work on tough problems
• Focus – Everyone focus on the work in the sprint and the goal of the scrum team. Rise and fall as a team

Physical Demands

• Physical demands include a considerable amount of time sitting and typing/keyboarding, using a computer (e.g., keyboard, mouse, and monitor), or mobile device
• Physical demands with activity or condition may occasionally include walking, bending, reaching, standing, squatting, and stooping
• May require occasional lifting/lowering, pushing, carrying, or pulling up to 20lbs

EEO Statement

Southern Glazer’s Wine and Spirits, an Affirmative Action/EEO employer, prohibits discrimination and harassment of any type and provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. SGWS complies with all federal, state and local laws concerning consideration of a qualified applicant’s arrest and/or criminal conviction records. Southern Glazer’s Wine and Spirits provides competitive compensation based on estimated performance level consistent with the past relevant experience, knowledge, skills, abilities and education of employees. Unless otherwise expressly stated, any pay ranges posted here are estimates from outside of Southern Glazer’s Wine and Spirits and do not reflect Southern Glazer’s pay bands or ranges.

Source ⇲