Risk Reduction Engineer
At Relativity, we make software to help users organize data, discover the truth, and act on it. Our e-discovery platform is used by more than 13,000 organizations around the world to manage large volumes of data and quickly identify key issues during litigation, internal investigations, and compliance projects.
Here you can own your career in a community of values-driven people who help our customers around the world solve complex data challenges. If this sounds like the place for you, check out the details of this position below.
Relativity is looking for a Risk Reduction Engineer to join a fast-paced and dynamic Cyber Security team. The ideal candidate will be a career-driven and passionate security professional that can continue the development of a vulnerability management and risk reduction group into a world-class security program.
- Implement and direct processes across the vulnerability management lifecycle, including Discovery, Prioritization of Assets, Vulnerability Assessment, Reporting, Remediation, and Verification.
- Assist with developing team objectives to resolve outstanding risk and identify new areas of exposure.
- Assist in validating and remediating critical findings resulting from audit processes.
- Assist other teams in applying security best practice.
- Utilize industry-standard toolsets to map and reduce the attack surface of a complex and dynamic architecture.
- Collaborate with Threat Intelligence groups to overlay observations from the global threat landscape with patching and remediation strategy.
- Review opportunities to reduce the risk surface of Relativity, ensuring a highly secure target for adversary actors.
- Assist with the development of scripts, tools, and methodologies to identify and exploit points of exposure on internal and perimeter applications (penetration testing).
- Proactively research emerging cyber threats. Apply analytical understanding of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits.
- Possess a high degree of proficiency in the following domains: port scanning, client-side attacks, and evasion techniques.
- Experience with vulnerability management and offensive security tools, including SecurityCenter/Nessus, Splunk, Burp Suite, and Metasploit.
- Able to contribute to security architecture discussions to ensure exposure to threats is minimized and countermeasures can be proactively applied.
- Familiarity with the security, attack surface, and threat profile of SaaS-based applications.
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.
- Ability to identify adversary tactics, techniques, and procedures (TTPs), targeting, malware development and implementation.
- One or more of the following certifications: OSCP, CEH, GPEN, CISSP
- Detailed understanding of the vulnerability management lifecycle, and how this is applied in a corporate setting.
- Expertise in networking and security concepts.
- Capacity to provide both high-level and technical briefings on emerging threats and vulnerabilities, collaborating with extended Cyber teams to assess risk.
- Experience performing analysis of network traffic to identify anomalies and attacks.
- Ability to work collaboratively and independently to deliver projects based on high-level requirements and success criteria.
- 1-3 years experience in vulnerability management, security engineering, or a related discipline.