at Marriott in Little Rock, Arkansas, United States
Job Description
Job Number 24136484
Job Category Information Technology
Location Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United States
Schedule Full-Time
Located Remotely? Y
Relocation? N
Position Type Management
JOB SUMMARY
The Marriott Enterprise Vulnerability Management group oversees attack surface reduction across a wide range of corporate, cloud, data center, and property locations. Our team members are passionate about protecting our data, systems, and service delivery functions across the globe against a broad range of adversaries. The Senior Manager, Vulnerability Management Solutions Support functions as an individual technical expert as part of a team that maintains Marriott vulnerability management solutions, responsible for implementing, managing, and optimizing vulnerability management tools within the Marriott environment. This role is responsible for ensuring the comprehensive discovery of vulnerabilities across a multi-vendor public cloud environment. This role requires an in-depth technical knowledge of public cloud architecture and security and how it relates to vulnerability management, including cloud automation pipelines, DevOps practices, containerization, public cloud networking technologies, and serverless architectures. It also requires an understanding of the lifecycle of cyberspace threats, attack vectors, and methods of exploitation, especially as they relate to a multi-vendor public cloud environment. It requires participating in designing, building, and maintaining integrations between various internal and SaaS applications. Maintaining operational and technical documentation related to the operational lifecycle of supported solutions is required, as is identifying improvements to ensure the inclusion of appropriate quality of delivery and compliance with security policy and regulations.
CANDIDATE PROFILE
Required Education and Experience:
The successful candidate is required to have at least a bachelor’s degree in a field relevant to information security or the equivalent combination of experience and certifications, as well as at least 7 years of information security experience that includes knowledge of general security concepts such as defense in depth and risk-based security management. Also required:
- 7+ years of in-depth experience with vulnerability management concepts and methodologies, including:
  - 3+ years of experience in cloud solutions architecture or cloud security engineering
  - 3+ years of experience with vulnerability assessment and reporting, including comprehensive understanding of vulnerability management methodologies and procedures, threat assessment, and remediation management
  - 3+ years of experience implementing, managing and maintaining enterprise vulnerability assessment or cloud security assessment technologies, including assessment, reporting, and settings management
Preferred Experience:
- Working knowledge of multiple vendor public cloud environments and deep understanding of services provided therein
- Experience with solutions deployment in on-premises and SaaS models
- Experience with enterprise vulnerability reporting tools, such as Cisco Vulnerability Management (Kenna Security)
- Experience with workflow solutions, including ServiceNow and Jira
- Working knowledge of interacting with API data sources
- Working knowledge of Python with experience in automation, API access, and data management
- Knowledge of SIEM and SOAR solutions and their role in enterprise security solutions infrastructure
- Understanding of DevOps processes, workflows, and technologies
- Experience in agile workflow methodologies
- Experience managing medium to large projects involving multiple teams in a technical lead role
- Familiarity with attack and exploitation techniques commonly seen in an enterprise environment
- Capable of working effectively both independently and as part of a team
- Experience working with third-party security testing providers
Expected Contributions:
- Ensures the comprehensive discovery of vulnerabilities across a multi-vendor public cloud environment
- Utilizes advanced vulnerability assessment tools and techniques to discover and assess potential threats across various cloud platforms.
- Identifies vulnerability-related information in enterprise tools and integrates that data with vulnerability reporting solutions
- Analyzes the risk of identified vulnerabilities and assists in prioritizing remediation efforts based on risk.
- Assists in the successful integration and operation of vulnerability management reporting solutions, including Cisco Vulnerability Management (Kenna Security)
- Develops and maintains integrations between vulnerability assessment solutions, vulnerability reporting solutions, and related solutions as needed
- Assists with developing reporting and providing analysis around enterprise cloud vulnerability assessment data
- Ensures that organization core values and culture are embedded into all aspects of the position’s work.
- Works with key stakeholders throughout the organization to build relationships based on an understanding of stakeholder needs and actions consistent with the company’s service standards
- Provides reporting and analysis to demonstrate program effectiveness, drive improvements in maturity and stakeholder awareness, and develop strategic improvements
- Guides and develops team members in technical skills related to cloud vulnerability management
- Uses organizational assessment, reporting, workflow, and communications solutions to fulfill responsibilities of the role and of the team
- Works with third-party providers to assess, report, remediate, and measure the effectiveness of team objectives
Maintaining Goals
- Submits reports in a timely manner, ensuring delivery deadlines are met.
- Promotes the documenting of project progress accurately.
- Provides input and assistance to other teams regarding projects.
Managing Work, Projects, and Policies
- Manages and implements work and projects as assigned.
- Generates and provides accurate and timely results in the form of reports, presentations, etc.
- Analyzes information and evaluates results to choose the best solution and solve problems.
- Provides timely, accurate, and detailed status reports as requested.
Demonstrating and Applying Discipline Knowledge
- Provides technical expertise and support to persons inside and outside of the department.
- Demonstrates knowledge of job-relevant issues, products, systems, and processes.
- Demonstrates knowledge of function-specific procedures.
- Keeps up-to-date technically and applies new knowledge to job.
- Uses computers and computer systems (including hardware and software) to enter data and/or process information.
Delivering on the Needs of Key Stakeholders
- Understands and meets the needs of key stakeholders.
- Develops specific goals and plans to prioritize, organize, and accomplish work.
- Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule.
- Collaborates with internal partners and stakeholders to support business/initiative strategies
- Communicates concepts in a clear and persuasive manner that is easy to understand.
- Generates and provides accurate and timely results in the form of reports, presentations, etc.
- Demonstrates an understanding of business priorities
Additional Responsibilities
- Provides information to supervisors and co-workers by telephone, in written form, e-mail, or in person in a timely manner.
- Demonstrates self c