POSITION OVERVIEW

The Security Engineer (Vulnerability and Patch Management) will use various security tools to identify, classify, and track the remediation of vulnerabilities in our systems.  The engineer will interact with other teams to enable prioritization, escalation, and remediation of vulnerabilities as needed.  Automated scanners such as manual penetration testing to assess the environment's security posture are needed. The engineer must be able to document policies and procedures keep them updated according to industry compliance requirements and track remediation of vulnerabilities as they are handed off to the other teams.

Responsibilities

The Security Engineer's (Patch and Vulnerability) primary job responsibilities include:

• Strong knowledge of vulnerability assessment tools, including those capable of network scanning, application security testing, and agent-based monitoring; responsibilities include configuration and maintenance, scan execution, agent deployment, and oversight of the entire vulnerability management process.
• Utilize various security tools, including those for vulnerability detection, threat intelligence, and code review, to identify, classify, and track the remediation of vulnerabilities. This includes conducting vulnerability scans at the network, operating system, database, and application levels on both internal and external systems within the organization's enterprise.
• Proficient in managing vulnerability and patch processes in cloud environments such as AWS, Azure, and GCP, and strong knowledge of UNIX operating systems, command line usage, and system administration.
• Responsible for building, maintaining, and providing metrics and KPIs for vulnerability management, which include scan coverage or compliance against defined SLAs, and providing timely vulnerability assessment reports to key stakeholders.
• Analyze threat and vulnerability feeds, conduct vulnerability assessments, red teaming, and penetration testing to identify weaknesses and countermeasures. Perform attack surface reviews and multilayer defense systems to prevent exploits, detect and intercept attacks, and discover threat agents.
• Drive remediation by working with various teams, assist in generating asset inventory reports, identify discrepancies, and leverage software tools to aid in the discovery and removal of vulnerabilities.
• Establishes multiple relationships with senior-level customers and managers across the organization to act as a respected technical interface both internally and externally to deliver and enhance the service.
• Work with both external vendors and other groups to coordinate and conduct schedule and ad-hoc testing.
• Provide relevant threat intelligence documents to key stakeholders.
• Understanding of DevOps including orchestration (GIT, Chef, Ansible, etc).
• Other duties as assigned.

Required Qualifications

• B.A. or B.S. (or higher level degree) in Computer Science or a similar engineering program with strong academic performance preferred.
• Understanding of the Top 10 OWASP (Open Web Application Security Project) vulnerabilities (most critical web vulnerabilities) and how to identify and remediate them.
• 3+ years experience in Vulnerability Management or related field.
• Knowledge of AWS (Amazon Web Services), GPC (Google Private Cloud), Azure, or other cloud platforms and related technologies is desired.
• Familiarity with Linux systems.

WHY WORK FOR ALARM.COM?

• Collaborate with outstanding people: We hire only the best. Our standards are high and our employees enjoy working alongside other high achievers.
• Make an immediate impact: New employees can expect to be given real responsibility for bringing new technologies to the marketplace. You are empowered to perform as soon as you join the Alarm.com team!
• Gain well-rounded experience: Alarm.com offers a diverse and dynamic environment where you will get the chance to work directly with executives and develop expertise across multiple areas of the business.
• Work with the latest technologies: You’ll gain exposure to a broad spectrum of IoT, SaaS, and M2M technologies including wireless communication, video monitoring, smart home automation, web development, and backend application development and hosting.
• Focus on fun: Alarm.com places high value on our team culture. We even have a committee dedicated to hosting a stand-out holiday party, happy hours, and other fun corporate events.
• Alarm.com values working together and collaborating in person. Our employees work from the office 4 days a week.

COMPANY INFO

Alarm.com is the leading cloud-based platform for smart security and the Internet of Things. More than 7.6 million home and business owners depend on our solutions every day to make their properties safer, smarter, and more efficient. And every day, we’re innovating new technologies in rapidly evolving spaces including AI, video analytics, facial recognition, machine learning, energy analytics, and more.  We’re seeking those who are passionate about creating change through technology and who want to make a lasting impact on the world around them.

For more information, please visit www.alarm.com.

COMPANY BENEFITS

Alarm.com offers competitive pay and benefits inclusive of subsidized medical plan options, an HSA with generous company contribution, a 401(k) with employer match, and paid holidays, wellness time, and vacation increasing with tenure. Paid maternity and bonding leave, company-paid disability and life insurance, FSAs, well-being resources and activities, and a casual dress work environment are also part of our outstanding total rewards package!

Alarm.com is an Equal Opportunity Employer

In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we may collect include your name, government-issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information.  We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or future contract positions, record keeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies.

Notice To Third Party Agencies

Alarm.com understands the value of professional recruiting services.  However, we are not accepting resumes from recruiters or employment agencies for this position. In the event we receive a resume or candidate referral for this position from a third-party recruiter or agency without a previously signed agreement, we reserve the right to pursue and hire those candidate(s) without any financial obligation to you. If you are interested in working with Alarm.com, please email your company information and standard agreement to [email protected].