Vulnerability Mitigation Lead

Anaheim, CA, US, 92807

Company has a client that is seeking a Vulnerability Mitigation Lead in Anaheim, CA.

The Vulnerability Mitigation Lead will be responsible for identifying and remediating all server and application vulnerabilities that are managed by the Enterprise Systems Team. They will work not only with internal departments to resolve these vulnerabilities, but also external vendors. You must be proficient in all version of Linux and Windows operating systems, as well as the infrastructure they connect to. This lead position requires a deep understanding of systems vulnerabilities and application configuration variables across the .NET, SQL, Java, and IIS Windows services. Knowledge of scanning tools, vulnerability mitigation and close work with information security and development teams is a must.


  • Vulnerability Mitigation Lead will identify critical flaws in applications and systems that cyber attackers could exploit
  • Conduct vulnerability assessments for networks, applications and operating systems using in house tools
  • Use automated tools (e.g., Nessus) to pinpoint vulnerabilities and reduce time-consuming tasks
  • Use manual testing techniques and methods to gain a better understanding of the environment and reduce false negatives
  • Develop, test, and modify custom scripts and applications for vulnerability testing, mitigation, and certificates
  • Compile and track vulnerability metrics, including progress against mitigation targets
  • Write and present comprehensive Vulnerability reports, corrective actions and cross-train other members of the Enterprise Systems and desktop support teams
  • Work with programming and the implementation team to ensure our outside facing applications comply with our security policies
  • Assist in the scanning and hardening of new Windows and Linux systems as part of the production buildout and change control process
  • High School diploma/GED minimum required


  • SAN
  • CompTIA Security
  • Windows/Linux (preferred)
  • Minimum of 4+ years of experience in Information Security or related field experience
  • Ability to analyze business applications to determine and communicate risk to stakeholders in an understandable way in a consultative manner
  • Basic understanding of Incident Response and computer forensics
  • Thorough understanding of key networking protocols and computer operating systems
  • Strong understanding of TCP/IP connection protocols including IPSEC, SSH and TLS
  • Strong experience with Windows and Linux Servers, and virtual environments
  • Network security experience, including use of IDS, WAF, other security and monitoring applications
  • LAN and WAN experience, design, segmentation, and security
  • Must be Knowledge in .NET, SQL, Java, and IIS Windows services and certificate/cypher configurations and deployment
  • Strong understanding and experience of patch management processes and procedures
  • Experience with managing and updating certificates, cyphers and server hardening procedures and processes
  • Proficient in Microsoft Suite of applications including Word, Excel, Outlook, Office 365, etc.
  • Must be proficient in technology applications, including the Company’s Operating System and specialized software required for performance of position
  • Previous Financial industry and Customer Service experience preferred

Company is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

Apply here with ITWQG2044940 as the reference code.