Vulnerability Management Principal

Vulnerability Management Principal

Location: Bucharest, Romania

ICON plc is a world-leading healthcare intelligence and clinical research organisation. From molecule to medicine, we advance clinical research providing outsourced services to pharmaceutical, biotechnology, medical device and government and public health organisations.

With our patients at the centre of all that we do, we help to accelerate the development of drugs and devices that save lives and improve quality of life.

Our people are our greatest strength, are at the core of our culture, and the driving force behind our success. ICON people have a mission to succeed and a passion that ensures what we do, we do well.

The Role:

We are seeking a Vulnerability Management Principal to join our global, award winning Security team. The Cyber Security team is based in Dublin, in our state of the art Cyber Security operations center facility. The 25+ growing team is passionate, friendly and committed. 
 

The team are proud winners of a recent CSO50 award for the PRA Integration project.  The CSO50 Awards recognize 50 security projects and initiatives that demonstrate outstanding business value and thought leadership. We give all our staff SANS training every year and are fully supportive of enabling our team members to get to security conferences.

The Vulnerability Management Principal is a hands-on practitioner and leads the vulnerability management practice in the global Cyber & Information Security team. This is a technical role and candidates must possess a solid understanding of information security, applications, operating systems, networking, cloud infrastructure, and basic attacker tactics, techniques, and procedures (TTPs).

Key responsibilities:

• Work as part of a team to consistently learn and share advanced skills and foster team excellence.

• Lead the strategic vulnerability management approach and ensure continuous improvement

• Manage continuous discovery and vulnerability assessment of enterprise-wide assets.

• Manage vulnerabilities across applications, endpoints, databases, networking devices, mobile and cloud assets.

• Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation.

• Manage vulnerabilities across applications, endpoints, databases, networking devices, mobile and cloud assets.

• Collaborate with various IT and Application teams in remediation efforts and ensuring that vulnerabilities have been appropriately remediated or managed in a timely manner.

• Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business and gain support through influential messaging.

• Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendor-supplied fixes and workarounds.

• Collaborate with the IT Security Operations team and wider Information Security teams such as Cyber Risk Management, Security Architecture & Engineering and Cyber Resilience.

• Regularly research and learn new TTPs in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary.

Requirements of the role:

• Minimum of 10 years experience in cyber security with focus on vulnerability management programme management and development.

• Minimum of 5 years experience in IT operations role is preferable

• Bachelor’s degree in computer science, information security, or other related program

• Information security related certification desired (e.g., GEVA, GCLD, GSLC or similar professional certification).

• Understanding of Windows and *nix operating systems, endpoint applications, networking protocols and devices.

• Experience working with vulnerability management solutions (e.g. Tenable, Rapid7, Qualys)

• Preferably some experience with vulnerability management across public cloud - AWS, Azure, GCP.

• Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle.

• Capable of scripting in Python, Bash, Perl or PowerShell

• Familiar with the laws, regulations, industry standards and guidance pertaining to Data Protection and Information Security

• Able to lead technical problem analysis and resolution

• Analytical and problem-solving mind-set

• Must have strong leadership, interpersonal, teamwork and self-initiative skills.

Benefits of Working in ICON:

Our success depends on the quality of our people. That’s why we’ve made it a priority to build a culture that rewards high performance and nurtures talent.

We offer very competitive salary packages. And to keep them competitive, we regularly benchmark them against our competitors. Our annual bonuses reflect delivery of performance goals – both ours and yours.

We also provide a range of health-related benefits to employees and their families and offer competitive retirement plans – and related benefits such as life assurance – so you can save and plan with confidence for the years ahead.

But beyond the competitive salaries and comprehensive benefits, you’ll benefit from an environment where you are encouraged to fulfil your sense of purpose and drive lasting change.

ICON is an equal opportunity and inclusive employer and is committed to providing a workplace free of discrimination and harassment. All qualified applicants will receive equal consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application process, or in order to perform the essential functions of a position, please let us know through the form below.