Our History:
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200+ individuals nationwide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to mid-small range companies. The majority of the mid-small range companies use us exclusively because of our outstanding staffing track record.
Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to-hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project-based work.
Conexess Group is aiding a large healthcare client in their search for a Cloud Vulnerability Engineer in an onsite capacity. This is a long-term opportunity with a competitive compensation package. This position can sit onsite in the following locations: St. Louis, MO; Bloomfield, CT; Bloomington, MN; or Denver, CO.
- Deliver and enhance existing vulnerability and remediation metrics
- Develop the integration and automation strategy around multiple VM toolsets
- Perform risk-based technical assessments on technical vulnerabilities.
- Stay abreast of emerging threats, and promote understanding of associated risk with stakeholders
- Review and analyze vulnerability data to identify trends and patterns.
- Articulate risk and impact to IT management with the proven ability to convey the urgency and need to remediate a vulnerability commensurate with the risk.
- Develop and implement strategies, workflows and procedures for identifying, assessing, prioritizing, remediating and reporting vulnerabilities throughout the public and private cloud platforms.
- Shape and grow the strategy to empower teams to adopt a culture of secure-by-design development through the design and implementation of flexible governance mechanisms, processes, and technologies.
- Cultivate and maintain relationships with cross-functional software development, engineering and technology teams at varying organizational levels, with the ability to lead multi-stakeholder discussions, build consensus and influence leaders toward positive outcomes.
- Use Key Performance Indicators (KPIs) to demonstrate strengthened application security, reduced risk and improved cloud vulnerability management within the organization.
Skills:
- Bachelor's degree in information security, computer science or a related field.
- 5 years of experience in information security, vulnerability management, cloud security, production engineering, software development (DevSecOps), or related position.
- Robust hands-on experience in Risk, Threat and Vulnerability management tools for Cloud environments with Prisma Cloud, TwistLock, Aqua, StackRox – RedHat ACS, Confectionary, Cloud Conformity, Tenable, as well as a solid understanding of how these tools are used to protect the cloud.
- Experience with managing projects, leveraging Agile and/or DevOps methodologies.
- Experience with Amazon Web Services, Azure, Google Cloud Platform, OCI and Alibaba
- Strong knowledge of DevSecOps and experience with containers, Docker and Kubernetes
- Experience with application development build pipelines, integrating automation into processes and capabilities and early/continuous integration of security through the SDLC.
- Proficient in MS Office products, particularly PowerPoint, SharePoint, Word & Excel.
- Good analytical and problem-solving skills, with experience using automation to improve process efficiency.
- Strong understanding of security best practices and industry standards.
- Strong leadership and project management skills.
- Knowledge of core security principles, frameworks and risk models.
- Experience with using application security testing and orchestration tools and technologies (DAST, SAST, IAST, SCA)
- An understanding of popular programming languages, like PHP, Java, JavaScript, Ruby and Python and familiarity with popular CI/CD tools, such as Jenkins, GitLab CI/CD, CircleCI, Puppet, Chef and Spinnaker, is a plus.
- Prefer experience in cybersecurity and/or information technology in a regulated industry (e.g., financial services, healthcare, government, etc.). CISSP, CISM, or other relevant security certifications are a plus.