Principal Security Engineer, Vulnerability Management
Culver City | Req ID: JR22-11283
Tech/IT/InfoSec at Sony Pictures
Join us in a dynamic, fast-paced environment focused on delivering value by leveraging an agile framework. In support of our ever-evolving film and television businesses, our IT teams leverage the latest technologies and focus on cloud adoption.
Be a part of a diverse, inclusive and collaborative culture that focuses on professional development, high performance and growth by leveraging structured programs that include OKRs (stretch for amazing) and modern development planning tools (e.g. competency model). Check out the top traits we’re looking for and see if you have the right mix.
- trusted partner
- problem solver
- strategic thinker
- change agent
- effective communicator
Our Vulnerability Management Operations (VMO) team uses various security tooling to identify, classify and track remediation of vulnerabilities in our information systems.
You will interact with other teams (onshore and off) to enable prioritization, escalation and remediation of vulnerabilities, as needed. You will document standards and processes related to Vulnerability Management and keep them current. The position will report to the Executive Director of Vulnerability Management.
What You’ll Do:
- Conduct vulnerability scans at the desktop, network, server, database, and application (DAST & SAST) levels on both internal and external systems within the organization's enterprise
- Provide technical guidance to engineering teams regarding the impact of security issues
- Drive remediation by working with various teams
- Assist in generating asset inventory reports and identify discrepancies
- Run both internal and external penetration tests, ensuring timeliness and accuracy of reports
- Automate vulnerability scans
- Develop technical and non-technical solutions to help mitigate security risks
- Develop integrations between various tools and our VM management system
- Improve existing security processes through automation and integration
- Deliver security metrics and improvement
- Document security guidance & processes as they relate to policy
- Champion security in the organization
What you will have:
- Bachelor’s degree in computer science or a technology-related field required
- 5-7+ years of experience in Information Technology
- 5-7+ years of experience in an Information Security role
- Understanding of the OWASP (Open Web Application Security Project) Top 10 vulnerabilities (most critical web vulnerabilities) and how to identify and remediate them
- Knowledge in Vulnerability Management and its related processes and procedures
- General understanding of security fundamentals (cryptography, least privilege, segregation of duties…) and general security technologies, including operating systems, network security (firewalls, VPNs, etc.), security event management, business continuity, identity management, directory services, etc.
- Knowledge of Active Directory, DDNS, Group Policy, Microsoft Windows Server and Desktop operating systems
- An understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security
- An understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Familiarity with vulnerability management frameworks and concepts such as CVE and CVSS
- Experience with common CI/CD and software deployment automation tools
- Understanding of security management, governance, and risk
- Experience of working in an Agile (Scrum/Kanban) development environment
- Broad technical knowledge, and ability to quickly assimilate new skills
- Ability to positively influence others without direct authority towards a common purpose
- Ability to adapt to shifting priorities, demands and timelines
- Ability to work efficiently within a matrix management organization
- Excellent interpersonal, communication, presentation, and collaborative skills to work effectively with executive leadership, IT, and Information Security teams throughout the organization
Nice To Have:
- Strong experience in automation, coding and scripting languages.
- Security-related certifications preferred
  - CISSP – Certified Information Systems Security Professional
  - CEH – Certified Ethical Hacker
- An understanding of PCI Compliance and EU GDPR Requirements
- Experience with IaaS, PaaS, IaC and Cloud Services such as AWS, Azure, and GCP
- Understanding and experience with container-based architectures
*Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics.
*As part of our commitment to health and safety, all U.S. non-union and O.P.E.I.U. Local 174 applicants and employees must submit proof of vaccination against COVID-19 or request and obtain approval of a reasonable accommodation based on disability or a sincerely held religious belief, practice or observance. To request an accommodation for purposes of participating in the hiring process, you may contact us at SPE_Accommodation_Assistance@spe.sony.com.
Sony Pictures is the powerhouse behind some of the world’s most beloved films and television. Peek behind the curtain and watch this video to see what it’s like to work with us.