Senior Vulnerability Management Engineer - Hybrid | Cary, NC

Nice to meet you!  

We’re the leader in analytics. Through our software and services, we inspire customers around the world to transform data into intelligence – and questions into answers.

We’re also a debt-free multi-billion-dollar organization on our path to IPO-readiness. If you’re looking for a dynamic, fulfilling career coupled with flexibility and world-class employee experience, you’ll find it here.

About the job

We’re looking for a Senior Vulnerability Management Engineer to join our Information Security Office. Our team is responsible for helping protect SAS by developing and executing innovative security controls, defenses and countermeasures designed to help prevent internal and external attacks.  This role is to help detect security vulnerabilities in information systems and drive resolution in compliance with corporate security policy. You will work with system and application owners to evaluate vulnerability findings, determine risk levels and plan for remediation.

As a Senior Vulnerability Management Engineer, you will:

• Perform, refine, and automate both vulnerability and compliance scans using industry-standard vulnerability scanning software. Analyze and prioritize vulnerabilities to help the business understand the security impact.
• Track and analyze emerging threats and potential vulnerabilities within a global IT environment.
• Work with system and application owners to review scan output and take proper remediation action on findings.
• Coordinate with external third-party vendors to schedule application/network penetration tests and help facilitate remediation of discovered vulnerabilities.
• Build and maintain documentation in support of vulnerability management, penetration testing, and incident response programs.
• Collaborate with the Government, Risk, and Compliance team to enhance security processes related to vulnerability and risk management.

Required qualifications 

• US Citizen required.
• 8+ years of experience in an information security field.
• Bachelor’s degree in Computer Science, Engineering, or a related quantitative field.
• Equivalent combination of related education, training and experience may be considered in place of the above qualifications.
• Hands-on experience with industry standard vulnerability tools such as Tenable, Rapid7, or Qualys.
• Experience participating in or managing the vulnerability management process.
• Demonstrated experience of various IT platforms (i.e. networking, system admin, programming, etc.).
• You’re curious, passionate, authentic and accountable. These are our values and influence everything we do.

Preferred qualifications

Experience maintaining and advancing enterprise-wide vulnerability management and patch programs

Demonstrated experience working with and identifying security weaknesses in on-premise servers, network infrastructure, web applications, containers, active directory, and multi-cloud services.

Experience with risk-based vulnerability management

Proficiency in a programming language such as Python, Perl, or Bash.

Familiarity and experience with ServiceNow.

Strong web application or network penetration testing experience

World-class benefits  

Highlights include...

• Comprehensive medical, prescription, dental and vision plans. 
• Medical plan options include…
  • PPO with low annual deductible and copays. 
  • HDHP combined with a health savings account with a contribution from SAS (no access to on-site health care center). 
• Onsite Health Care Center (HQ) that’s free to employees and family members enrolled in the PPO plan. There’s a pharmacy too! Not local to HQ? The pharmacy will ship prescriptions for no additional charge! 
• An industry-leading 401k plan. 
• Generous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1. 
• Volunteer Time Off, parental leave and unlimited paid sick days. 
• Generous childcare benefits for all full-time employees 

Diverse and Inclusive

At SAS, it’s not about fitting into our culture – it’s about adding to it. We believe our people make the difference. Our diverse workforce brings together unique talents and inspires teams to create amazing software that reflects the diversity of our users and customers. Our commitment to diversity is a priority to our leadership, all the way up to the top; and it’s essential to who we are. To put it plainly: you are welcome here.

Additional Information:

To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity/Affirmative Action employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law. Read more: Know Your Rights. 

Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

SAS only sends emails from verified “sas.com” email addresses and never asks for sensitive, personal information or money. If you have any doubts about the authenticity of any type of communication from, or on behalf of SAS, please contact Recruitingsupport@sas.com.

#SAS