Website Bath And Body Works
The Lead will represent the Vulnerability Management capability, which is responsible for maintaining and operating services that review and identify vulnerabilities in applications, user endpoints, infrastructure, and services at Bath and Body Works (BBW). The services we operate are of a global nature, providing service solutions to multiple business units across the global enterprise. Thus, one of our team’s roles is to communicate efficiently with all the stakeholders and customers in different countries. The Lead will become a member of our agile and strong team, and their role will be to monitor, analyze, and report on those services to ensure they balance the security of the business with its ability to effectively operate. The role provides an opportunity to manage contracted resources and meet aggressive risk mitigation goals. The Lead will provide recommendations for improvements and optimizations based on their experience and analytical insight into current operations and processes.
- Lead team members through technical growth, career path, and other needs related to success in their role.
- Conduct research to identify threats and attack vectors and develop detection solutions to manage the risk.
- Provide information regarding any perceived weaknesses in the security program.
- Provide reporting and escalation support to leadership team.
- Define parameters for scan schedule, any special configurations required, and scan policies to be applied.
- Demonstrate ability to interact with third party vendors, providing analysis and reporting. Enable tuning and troubleshooting support to improve service offerings.
- Improve the overall posture of BBW infrastructure by leading services to support vulnerability management, dynamic and static application testing, and penetration testing.
- Ensure the efficient management and translation of Common Vulnerabilities and Exposures (CVEs) to the Risk team for triage and the CTI team for effective communication of threats. Participate in scoping the remediation actions with IT and business partners.
- Review investigations related to unauthorized activities on key assets and communicate findings with teammates.
- Able to implement technical and business requirements for DAST/SAST/SCA solutions and participate in project reviews and documentation processes
- Understanding of current threat landscape, information security risks, preventative measures, and incident and threat management
- Familiarity with Purple Team responsibilities
- Knowledge of basic cryptography (TLS), common network protocols, edge routing technologies, firewall solutions, etc.
- Ability to explain available approaches for application and penetration testing
- Understanding of Agile methodologies and IT security frameworks such as ITIL or NIST 800-53
Qualification & Experience:
- 3+ years working within cloud infrastructure or SaaS delivered services
- 5+ years of relevant experience in attack-surface-related security technologies. Experience with PortSwigger Burp Suite Professional and Qualys is required. Experience with Fortify, Tenable, and Microsoft Defender is highly valued but not required.
- Bachelor’s Degree in an IT related discipline
- Experience with common IT deployment and management tools
- 3+ years of experience with team leadership and mentoring
Company: Bath And Body Works
Vacancy Type: Full Time
Job Location: Columbus, OH, US
Application Deadline: N/A