Vulnerability Management Engineer
We are Relativity. A market-leading, global tech company that equips legal professionals with a powerful platform to organize data, discover the truth, and act on it. The U.S. Department of Justice, 198 of top 200 U.S. law firms, and more than 70 Fortune 100 companies are among our customers who trust Relativity during litigation, internal investigations, and compliance projects.
Our SaaS product, RelativityOne, has become the fastest-growing product in the company's history and we have consistently been named a great workplace. As we grow, we continue to seek individuals that will bring their whole self to our team atmosphere.
Join us in the transformation of the legal industry and play a pivotal role in shaping the future of the practice of law and beyond.
Relativity is looking for a Vulnerability Management Engineer to join a fast-paced and dynamic Cyber Security team. You will help us better organize, prioritize, remediate and report on our vulnerabilities.
- You will implement and direct processes across the vulnerability management lifecycle, including Discovery, Prioritization of Assets, Vulnerability Assessment, Reporting, Remediation, and Verification.
- You will assist with developing team objectives to resolve risk and identify new areas of exposure.
- You will validate and help remediate critical findings resulting from audit processes.
- You will collaborate with Threat Intelligence groups to overlay observations from the global threat landscape with patching and remediation strategy.
- You will review opportunities to reduce the risk surface of Relativity
- You will build scripts, tools, and methodologies to conduct penetration testing.
- You will research emerging threats and apply analytical understanding of hacker methodologies and tactics, system vulnerabilities and key indicators of exploits.
- Exposure in the following domains: port scanning, client-side and back-end vulnerabilities, and evasion techniques.
- Experience with vulnerability management and offensive security tools, including SecurityCenter/Nessus, Splunk, Burp Suite, and Metasploit.
- Familiarity with the security, common flaws, and threat profile of SaaS-based applications.
- Ability to identify adversary tactics, techniques, and procedures (TTPs), targeting, malware development and implementation.
- One or more of the following certifications: OSCP, CEH, GPEN, CISSP is a plus
- Capacity to provide both high-level and technical briefings on vulnerabilities
- 1-3 years experience in vulnerability management, security engineering, or a related discipline or equivalent experience