Principal Vulnerability Management Analyst
About the role
At Newrez, we bring big thinkers and caring doers together to make home happen. We're a team built on heart and hustle, united by a commitment to show up for our customers, our communities, and each other. We believe that when our people thrive, homeowners thrive - and that's why we invest in your growth, wellbeing, and ability to make an impact. Every day, we work to exceed the expectations of our residential mortgage borrowers and business partners through superior service, simple processes, and clear communication. We do this by empowering our employees, encouraging innovative solutions and recognizing great performance.

Primary Function:
The Principal Vulnerability Management Analyst serves as the program owner for vulnerability management, overseeing all aspects of vulnerability assessment, remediation, and reporting. This role is pivotal in ensuring Newrez's security posture remains robust and resilient against threats. Proficiency in Security Architecture, Engineering, and Operations across hybrid environments is crucial, encompassing both on-premises and Azure cloud infrastructures. The candidate's primary responsibility includes designing, implementing, and optimizing vulnerability management solutions, with a specialized focus on Qualys VMDR integration and comprehensive reporting for effective risk mitigation.

Principal Duties:
- Lead the design and implementation of vulnerability management solutions across multiple business units in hybrid environments.
- Develop and maintain a comprehensive Vulnerability Management Program, emphasizing core capabilities and leveraging Qualys VMDR product offerings.
- Identify and evaluate vulnerability management solutions suitable for on-premises and cloud environments.
- Establish vulnerability management reference architecture across hybrid infrastructures, ensuring alignment with industry standards and best practices.
- Conduct regular vulnerability assessment scans and prioritize remediation efforts based on risk analysis.
- Continuously improve key risk indicators (KRI) related to vulnerability management that are aligned with Rithm's risk tolerance.
- Coordinate with system owners and stakeholders to remediate identified vulnerabilities promptly.
- Develop and implement processes for tracking and monitoring vulnerability remediation progress.
- Generate and distribute vulnerability assessment reports to relevant stakeholders, including executive leadership.
- Collaborate with IT teams to integrate vulnerability management solutions into existing systems and workflows.
- Ensure compliance with relevant industry standards and regulations.
- Stay up to date with the latest security vulnerabilities, exploits, and threat intelligence to enhance the effectiveness of vulnerability management practices.
- Provide guidance and training to IT staff on vulnerability management best practices and procedures.
- Oversee the integration of vulnerability management processes across multiple business units resulting from mergers and acquisitions.
- Perform related duties as assigned by management.

Education and Experience:
Required education and experience. Examples below.
- Bachelor's degree in computer science, engineering, or another relevant discipline.
- 7+ years of progressive experience in Cyber Security.
- Experience in vulnerability management, with exposure to hybrid on-premises and Azure environments.
- Experience with Qualys VMDR or similar vulnerability management platforms preferred.

Knowledge, Skills, and Abilities:
Required knowledge, skills, and ability. Examples below.
- In-depth knowledge of vulnerability management processes and best practices.
- Strong understanding of security technologies applicable to hybrid environments.
- Experience with vulnerability assessment tools, specifically Qualys.
- Familiarity with industry frameworks related to vulnerability management (e.g., CVE, CVSS).
- Excellent analytical and problem-solving skills.
- Persuasive communication and collaboration skills.
- Relevant certifications (e.g., CISSP, CEH, Qualys Certified Specialist) are a plus.
- Ability to adapt to changing technologies and environments.

*These essential functions are fundamental to the role, and must be performed on-site, as they cannot physically be performed remotely. In addition, the Company has determined that an in-person presence is important to critical components of our work, including oversight, training, collaboration, and productivity. Items not marked (*) as essential on-site may still require partial on-site work to perform the role satisfactorily.

While this description is intended to be an accurate reflection of the position's requirements, it in no way implies/states that these are the only job responsibilities. Management reserves the right to modify, add or remove duties and request other duties, as necessary. By applying to this position, the candidate acknowledges that this is not a remote role and is required to be on-site.

Additional Information: While this descript