Sr. Threat and Vulnerability Management Analyst
LiveRamp is the leading data connectivity platform. We are committed to connecting the world’s data safely and effectively, advancing innovation, and empowering people to do good. Our platform powers customer experiences centered around the needs and concerns of real people, keeping the Internet open for all. We enable individuals around the world to connect with the brands and products they love. LiveRampers thrive on solving challenging problems for the good of humanity—and we’re always looking for smart, kind, and creative people to help us get there.
Mission: LiveRamp makes it safe and easy for businesses to use data effectively.
LiveRamp is seeking a passionate cyber security professional who understands the value of identifying and removing threats or vulnerabilities in the environment. This role will work with cross-functional teams, including our product and corporate teams. The role is aligned to the Threat and Vulnerability Management (TVM) program, a highly valued team in Security Operations. This role will be involved in multiple programs, including but not limited to bug bounty, pen testing, red/purple team, and threat intelligence.
- Assist in the development and maintenance of various vulnerability management services, including but not limited to vulnerability scanning and application and infrastructure assessments
- Assist with the coordination of penetration test and red teaming exercises
- Analyze and validate security assessment findings leveraging different tools (e.g., Burp Suite)
- Configure and manage tools for proactive identification of vulnerabilities (e.g., ZAP, Metasploit)
- Assist with the deployment and maturity of vulnerability management tools including all related process documentation
- Using a service management platform, manage the tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and Service Level Agreements (SLAs) with responsible technology owners and support teams
- Conduct vulnerability analysis and prioritization to provide consultation and remediation guidance to IT and engineering teams
- Configure and provide system administration support for vulnerability scanning technologies
- Develop and enhance custom scripts to help automate vulnerability assessment processes (e.g., vulnerability scanning and reporting)
- Collaborate with the cyber threat intel team and organize a response or remediation effort for actionable threat intelligence
- Generate reports and provide recommendations for vulnerability metrics and other operational and executive data points
Your team will:
Coordinate and enhance the discovery of host and cloud infrastructure vulnerabilities, distribute those findings to the appropriate teams, and provide consultation services to facilitate remediation.
- Bachelor's degree in Cyber Security, Computer or Software Engineering, Computer Science, Security Engineering, Information Management, Information Science or equivalent technical work experience
- 4+ years of experience working in information security or information technology roles
- Experience with enterprise vulnerability scanning solutions
- Knowledge of cloud infrastructure, including but not limited to account and project structure, VMs, containers, Kubernetes, and serverless architectures
- Basic to intermediate knowledge of SecDevOps/DevSecOps and CI/CD
- Hands-on experience with static and dynamic application security testing
- Familiarity with vulnerabilities that affect third-party libraries and open source dependencies
- Experience working in a service-oriented information security or information technology group preferred
- Demonstrated ability to interact with business and technical audiences across all levels of an organization
- In-depth knowledge of common internet protocols (e.g., DNS, HTTPS, TLS)
- In-depth knowledge of the OWASP Top 10 and the OWASP Application Security Verification Standard
- Basic understanding of networking concepts and protocols
- Strong time management skills and experience handling multiple initiatives with competing priorities
- Self-starter with strong analytical and technical skills
- Experience performing security testing activities (e.g., application assessments, penetration testing, vulnerability assessments, red team)
- Experience with collection or consumption of cyber threat intelligence
- Experience with bug bounty or crowd-sourced ethical hacking
- People: Work with talented, collaborative, and friendly people who love what they do.
- Fun: We host in-person and virtual events such as game nights, happy hours, camping trips, and sports leagues.
- Work/Life Harmony: Flexible paid time off, options for working from home, and paid parental leave.
- Whole Health Package: Medical, dental, vision, and disability insurance. Plus mental health support (via Talkspace) and a fitness reimbursement up to $100 per month.
- Savings: Our 401K matching plan—1:1 match up to 6% of salary—helps you plan ahead (U.S. LiveRampers)
- RampRemote: A comprehensive office equipment and ergonomics program—we help you set up your home office (Home-based LiveRampers)
- Location: Work in the heart of San Francisco
More about us:
LiveRamp’s mission is to connect data in ways that matter, and doing so starts with our people. We know that inspired teams enlist people from a blend of backgrounds and experiences. And we know that individuals do their best when they not only bring their full selves to work but feel like they truly belong. Connecting LiveRampers to new ideas and one another is one of our guiding principles—one that informs how we hire, train, and grow our global team across nine countries and four continents.
LiveRamp is an affirmative action and equal opportunity employer (AA/EOE/W/M/Vet/Disabled) and does not discriminate in recruiting, hiring, training, promotion or other employment of associates or the awarding of subcontracts because of a person's race, color, sex, age, religion, national origin, protected veteran, disability, sexual orientation, gender identity, genetics or other protected status. Qualified applicants with arrest and conviction records will be considered for the position in accordance with the San Francisco Fair Chance Ordinance.
To all recruitment agencies: LiveRamp does not accept agency resumes. Please do not forward resumes to our jobs alias, LiveRamp employees or any other company location. LiveRamp is not responsible for any fees related to unsolicited resumes.