IT Risk Mitigation Engineer II - REMOTE
About the role
As a Risk Mitigation Engineer II, the incumbent will be responsible for assisting in the core, day-to-day functions of the Risk Mitigation (RM) team. In this role the incumbent acts as a technical support specialist within the larger RM team. This role will promote directives within the team to support IT infrastructure and application teams across the organization to ensure a risk-based approach to vulnerability management is embedded into their daily work. The RM Engineer II will focus the majority of their time on hands-on solutions and tools, such as those that are typically used for monitoring, assessment, tracking, and reporting. The ideal candidate will have excellent technical, organizational, and communication (written and verbal) skills, along with a willingness to assist where needed with overall team tasks. A sense of ownership, a willingness to learn and assume new responsibilities, and an overall initiative-based drive are keys to success in this position and in successive or advanced roles within the team.
Day in the Life:
Assume a critical, supportive, technical role within the RM team.
Assist both technical and team initiatives to shape and guide the focus and execution of remediation solutions that provide effective, accurate, comprehensive, and actionable reporting, best-practice configurations, timely patching, etc., toward a goal of overall reductions in vulnerabilities across all department-accountable technologies.
Under guidance, collaborate with Security and IT Infrastructure to maintain or implement risk-based, actionable remediation requirements for all supported, auditable technologies.
Utilize a breadth of technical background to identify and research the vulnerabilities, then partner with the proper technology team to remediate the findings.
Assist with or directly maintain and support vulnerability management programs that include reviewing regular scans and assessments of the organization's systems, network and applications to identify security vulnerabilities.
Resolve or assist with the resolution of information security vulnerability findings, including zero-day or targeted threats, and/or internal or external weaknesses in IT platforms, appliances, systems, services, applications or configurations.
Work with multiple teams to align scanning, reporting and tracking in compliance with industry best practices, regulations, and standards related to vulnerability management, such as PCI-DSS, SOC II, NIST, CIS benchmarks, or other compliance regulations required by either industry mandates or Velera standards.
Improve reporting maturity through automation, consolidation, and other techniques as necessary.
Perform or assist with recurring and on-demand scanning of organization systems and cloud environments.
Maintain detailed documentation regarding Velera's threat management standards, policies, and procedures.
Improve and automate, wherever possible, existing vulnerability management systems.