The Unity Security Operations team is seeking an experienced Vulnerability Management Engineer.  We are building our SecOps team from the ground up, and as our first Vulnerability Management Engineer, the successful applicant will have the opportunity to drive decisions and help create the processes that we will use moving forward around the globe.

The position requires the ability to gather, correlate, rationalize, and prioritize vulnerability data from at least two types of sources; vulnerabilities that we discover within our infrastructure as a result of automated scans, and software and system vulnerability disclosures from vendors, MITRE and similar 3rd party sources.  As one of the first and only Vulnerability Management Engineers, the person filling this position will need to identify and purchase (or help create) any necessary tools that we do not already have.  Just as importantly, this person will need to create, document, and socialize the procedures for notifying teams responsible for patching/upgrading affected systems and software, and for tracking their progress towards mitigation. This is a great opportunity to grow your career in the security space.

Responsibilities

• Work with Infrastructure Security team to define format and delivery mechanism of vulnerability scan data
• Define requirements for collecting CVE data, as well as vendor disclosures
• Create standards and procedures for prioritizing vulnerabilities
• Create and socialize procedures for reporting vulnerabilities to the correct individuals/teams
• Analyze false positives and provide guidance for reducing/eliminating them
• Monitor and report on progress towards mitigating vulnerabilities
• Work with IT team to establish procedures for monitoring and responding to CASB alerts, in an analogous manner to vulnerability reports

Requirements

• Experience with common scanning tools, such as Qualys
• Experience with container vulnerability scanning tools, such as Stackrox
• Experience with one or more cloud platforms as well as end to end vulnerability management lifecycle
• Proficiency with one or more scripting languages, such as Python or Ruby
• Demonstrated ability to work with other teams within the same company

Bonus Points

• Some experience and genuine interest in other SecOps related roles, such as Security Analyst, Security Engineer, Technical Program Manager, Incident Response Lead, etc.
• Qualys, Twistlock, Orca, JIRA, Airwatch
• SOAR tool (such as Demisto/XSOAR)
• CASB solution

About Unity Technologies

Unity is the world’s leading platform for creating and operating real-time 3D (RT3D) content. Creators, ranging from game developers to artists, architects, automotive designers, filmmakers, and others, use Unity to make their imaginations come to life. Unity’s platform provides a comprehensive set of software solutions to create, run and monetize interactive, real-time 2D and 3D content for mobile phones, tablets, PCs, consoles, and augmented and virtual reality devices.

The company’s 1,400+ person research and development team keeps Unity at the forefront of development by working alongside partners to ensure optimized support for the latest releases and platforms. Apps developed by Unity creators were downloaded more than three billion times per month in 2019 on more than two billion unique devices. For more information, please visit www.unity.com.   

Unity is an equal opportunity employer committed to fostering an inclusive, innovative environment with the best employees. Therefore, we provide employment opportunities without regard to age, race, color, ancestry, national origin, religion, disability, sex, gender identity or expression, sexual orientation, or any other protected status in accordance with applicable law. If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.

Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. Unity does not accept unsolicited headhunter and agency resumes. Unity will not pay fees to any third-party agency or company that does not have a signed agreement with Unity.

#LI-SL1 #SEN