Security Engineer, Vulnerability Management
We are PIMCO, a leading global asset management firm. We manage investments and develop solutions across the full spectrum of asset classes, strategies and vehicles: fixed income, equities, commodities, asset allocation, ETFs, hedge funds and private equity. PIMCO is one of the largest investment managers, actively managing more than $1.84 trillion in assets for clients around the world. PIMCO has over 2,700 employees in 17 offices globally. PIMCO is recognized as an innovator, industry thought leader and trusted advisor to our clients.
PIMCO is one of the world's premier fixed income investment managers with thousands of professionals around the world united in a single purpose: creating opportunities for our clients in every environment. Since 1971, we have brought innovation and expertise to our partnership with the institutions, financial advisors and millions of individual investors who entrust us with their assets. We aspire to cultivate performance and leadership through empowering our people, diversity of thought, and a commitment to an inclusive culture that engages in our global communities. Position Description:
As an Information Security Engineer you will be part of a highly functioning and ambitious team that plays a key role in supporting the transformation of platforms and applications across the firm. You will need to be a big-picture strategic thinker, who is able to pay close attention to details and autonomously drive initiatives throughout the enterprise. This position is an exciting role for you if you are eager to drive our vulnerability management program in a new direction. This position presents opportunities to advise on cybersecurity strategy and implementation to senior management. The Information Security Team values ambitious-entrepreneurial attitude and fosters an environment for professional growth and career development. You should be an excellent communicator and unafraid to ask the tough questions, to challenge the status quo, and inspire change. You will be a meaningful culture carrier for the organization, who models the right behaviors for the team, and helps craft a shared sense of leadership and accountability across technology.
Position Requirements: Minimum Qualifications:
- Provide detailed technical analysis of vulnerabilities identified (through scanning, threat intelligence, research, and vendor notifications) to determine their impact to PIMCO, help prioritize, communicate to the relevant partners, and drive an overall timely remediation based on agreed upon internal program governance
- Work with IT and MSP partners to establish communication plans and develop remediation framework for testing and validating vulnerabilities
- Develop effective strategies for vulnerability remediation and bring to bear technology to orchestrate and automate (where possible)
- Establish a process for reporting progress of vulnerability remediation and trends to internal team and executive leadership
- Develop skills, technical capabilities, and methods to deliver the best cyber defense capability to protect IT assets from cyber threats, attacks, and exploitation
- Maintain situational awareness of meaningful cyber defense initiatives, indicator lists, threat reports, incident response techniques, and cyber defense technologies to ensure that cyber defenses are effective and incorporating the best protections
- Provide critical input into the selection, configuration, and implementation of new and existing security technology solutions
- Solid understanding as to what is required to prevent security exploits, how to detect security attacks and anomalies, and how to respond to security incidents and intrusions
- Dedicatedly identify ("threat hunting") and analyze new and emerging threats in addition to countermeasures, controls to ensure adequate protection/capabilities
- Build and lead security service provider relationship(s) including but not limited to contracts, use case development, service level agreements, and work flow/process development
- Serve as information security domain expert, trusted advisor
- Complete administrative tasks like status reporting and project plan completion
- Minimum 5 years of experience working within an Information Security team
- Minimum 3 years of experience working in and/or managing a vulnerability and/or cyber-threat program
- Master's or Bachelor's Degree in Computer Science, Cybersecurity, Information Systems and/or equivalent experience in a related field.
- Advanced industry certifications a plus, e.g. SANS GIAC, OSCP/E, Security+, Network+, CySA+, CASP+, CISSM, CISM, CCSP, CEH, CCNA, CCNA Cyber Ops.
- Solid understanding of threat models, adversary tactics and methodologies, and threat intelligence
- Strong analytical skills and ability to identify, analyze, and resolve problems, driving solutions through to completion
- Script development (Python, VBscript, and Powershell) a plus
- Programming skills in at least one of the primary programming languages: C#, Python, C++, .NET or Java
- Solid grasp of SQL languages
- Ability to meet established deadlines; a self-starter and be able to work independently as well as being a standout colleague
- Strong facilitation of skills and a clear ability to build strong relationships with business partners at all levels, including senior managers
- Demonstrated ability to translate business drivers and priorities into security design
- Ability to translate complex technical information across all levels of the organization
- PIMCO is committed to offering a comprehensive portfolio of employee benefits designed to support the health and wellbeing of you and your family. These benefits include medical, dental and vision coverage from your first day of employment.
- 401k Savings and Retirement Plan.
- Work/Life Programs such as Flexible Work Arrangements, Parental Leave & Support, Employee Assistance Plan, and Educational/CFA Certification Reimbursement Programs.
- Community involvement opportunities with The PIMCO Foundation in each PIMCO office.