Threat and Vulnerability Engineer.

Threat and Vulnerability Engineer

The successful candidate for this position will be a subject matter expert in Information Security, possessing a wide range of experience in various technologies, tools, and methodologies. The primary responsibilities of this role include identifying, analyzing, and prioritizing vulnerabilities within the organization. The candidate will be expected to provide proactive security recommendations and engage in threat hunting activities based on threat intelligence. The ability to effectively analyze and interpret data from multiple sources using Python or PowerShell is essential for this role.

Millennium is a complex and robust technical environment, and securing the Firm from external and internal threats is a top priority. The team fosters a collaborative environment and is building a best-in-class program to partner with the business to protect the Firm’s information and computer systems.

Principal Responsibilities

1. Perform periodic and on-demand system audits and vulnerability assessments of systems, internal applications, and Cloud services to identify security vulnerabilities.
2. Document, prioritize, and formally report on asset and vulnerability status as remediation activities progress.
3. Analyse cyber threat intelligence and make recommendations to mitigate threats and improve security posture.
4. Perform threat hunting and look-backs on IOC’s.
5. Partner with Infrastructure teams in Networking, Desktop Engineering, Compute, and others to track and report on vulnerability remediation activities.
6. Perform data analysis using scripting, databases, and Excel.
7. Maintain and create metrics reporting for governance purposes.

Qualifications

1. Bachelor’s degree in Cyber Security, Computer Science, or Engineering preferred.
2. Scripting and development skills (Python or PowerShell).
3. Experience with data analysis tools including SQL, Excel, and other analytical tools.
4. Experience with log analysis and reviewing security events.
5. Hands-on experience with vulnerability scanning platforms such as Rapid7, Tenable, Qualys, nmap, etc., is a plus.
6. High-level understanding of operating systems, Cloud, Active Directory, Group Policy, DNS, Email.
7. High-level understanding of networking, data transmission, and encryption protocols.
8. Strong communication and collaboration skills across teams.
9. Ability to prioritize in a fast-paced, high-pressure, and constantly changing environment.
10. Passion for Information Security and Technology.

#J-18808-Ljbffr