Security Engineer (Vulnerability and Patch Management)

Patch and Vulnerability Management is a crucial part of Alarm.com security efforts. As new threats emerge, the Cloud Operations Team must be able to rapidly assess the threat landscape, make recommendations, and track fixes across a large surface area.

The Security Engineer (Vulnerability and Patch Management) will use various security tools to identify, classify and track remediation of vulnerabilities in our systems.  The engineer will interact with other teams to enable prioritization, escalation, and remediation of vulnerabilities as needed.  Automated scanners as manual penetration testing to assess the security posture of the environment is needed. The engineer must have the ability to document policies and procedures and keep them updated according to industry compliance requirements and track of remediation of vulnerabilities as they are handed off to the other teams.
RESPONSIBILITIES: 
The Security Engineer (Patch and Vulnerability) primary job responsibilities include:

• Strong knowledge of InsightVM, InsightAppSec or similar vulnerability assessment tools; including configuration and maintenance, scan execution, agent deployment and oversight
• Conduct vulnerability scans at the network, operating system, database, and application levels on both internal and external systems within this organizations enterprise
• Responsible for building and maintaining metrics and KPIs for vulnerability management, that include scan coverage or compliance against defined SLAs.
• Strong knowledge of UNIX operating systems, command line usage, and system administration
• Establishes multiple relationships with senior level customers and managers across the organization to act as a respected technical interface both internally and externally to deliver and enhance the service
• Analyze threat and vulnerability feeds and analyze data for applicability
• Conduct vulnerability assessments, red teaming and penetration testing to identify weaknesses and countermeasures
• Drive remediation by working with various teams and assist in generating asset inventory reports and identify discrepancies
• Perform attack surface reviews and multilayer defense systems to prevent exploits, detect and intercept attacks, and discover threat agents
• Leverage software tools to aid in the discovery and removal of vulnerabilities in a system
• Work with both external vendors and other groups to coordinate and conduct schedule and ad-hoc testing
• Provide timely vulnerability assessment reports to key stakeholders
• Provide relevant threat intelligence documents to key stakeholders
• Understanding of DevOps including orchestration (GIT, Chef, Ansible, etc)

REQUIREMENTS

• B.A. or B.S. (or higher level degree) in Computer Science or a similar engineering program with strong academic performance preferred

• Understanding of the Top 10 OWASP (Open Web Application Security Project) vulnerabilities (most critical web vulnerabilities) and how to identify and remediate them
• 3+ years’ experience in Vulnerability Management or related field
• Understanding of the Top 10 OWASP (Open Web Application Security Project) vulnerabilities (most critical web vulnerabilities) and how to identify and remediate them
• Knowledge of AWS (Amazon Web Services), GPC (Google Private Cloud), Azure, or other cloud platforms and related technologies is desired.
• Familiar with Linux systems.

If you feel like you don’t meet all the requirements for this role, we encourage you to apply. We don’t want a few of them to get in the way of meeting a great candidate like you! 

WHY WORK FOR ALARM.COM?

• Collaborate with outstanding people: We hire only the best. Our standards are high and our employees enjoy working alongside other high achievers.
• Make an immediate impact: New employees can expect to be given real responsibility for bringing new technologies to the marketplace. You are empowered to perform as soon as you join the Alarm.com team!
• Gain well rounded experience: Alarm.com offers a diverse and dynamic environment where you will get the chance to work directly with executives and develop expertise across multiple areas of the business.
• Work with the latest technologies: You’ll gain exposure to a broad spectrum of IoT, SaaS and M2M technologies including wireless communication, video monitoring, smart home automation, web development, and backend application development and hosting.
• Focus on fun: Alarm.com places high value on our team culture. We even have a committee dedicated to hosting a stand-out holiday party, happy hours, and other fun corporate events.

COMPANY INFO
Alarm.com is the leading cloud-based platform for smart security and the Internet of Things. More than 6 million home and business owners depend on our solutions every day to make their properties safer, smarter, and more efficient. And every day, we’re innovating new technologies in rapidly evolving spaces including AI, video analytics, facial recognition, machine learning, energy analytics, and more. Alarm.com earned the Top Workplace™ award for our employee culture and the meaningful work we do to give property owners peace of mind, help them conserve energy and water, and stay connected to loved ones. We’re seeking those who are passionate about creating change through technology and who want to make a lasting impact on the world around them.

For more information, please visit www.alarm.com.

COMPANY BENEFITS
Alarm.com offers competitive pay and benefits including a wide choice of healthcare options with generous company subsidy, a health savings account option with company contribution, 401(k) with employer match, paid holidays and paid time off increasing with tenure, paid maternity and paternity leave, company paid STD/LTD and life insurance, flexible spending accounts, and a casual dress work environment.      

Alarm.com is an Equal Opportunity Employer

In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we may collect include your name, government-issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information.  We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or future contract positions, record keeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies.