Engineer I (Vulnerability Remediation)


The Engineer I is responsible for remediating any vulnerabilities to meet PCI compliance and other corporate governance requirements for all servers at Ross. The Engineer I will require deep analytical thinking based on research results to assess software remediations, registry updates and configuration changes to be applied to varied infrastructure.

The Engineer I will provide assessment including security, system, and business impact. The candidate must have a good understanding of the security implications of a remediation although not a security SME. The Engineer I must analyze and foresee the side effects of the remediation. Finally, this position needs to be able to quantify the risks and opportunities (for better security) when the remediation is applied in business impact.

  • Develop and optimize pre- and post- remediation process to ensure proper implementation without any outages.
  • Score each remediation based on risks & opportunity to prioritize. Identify which remediation are more valuable to the organization than others.
  • Coordinate remediation schedule with other teams such as remediation team, infrastructure management, security operations, governance & risk. Communicate project and operational metrics.
  • Assist in developing action plans, schedules, budgets, status and metrics reports as well as other management communications intended to improve the vulnerability management program at Ross.
  • Must be able to create deployment patch package using SCCM and WSUS
  • Thorough testing of patches in a non-Production environment. Must be able to think ahead to avoid business outages based on the lab results.
  • Able to remediate vulnerabilities. Often, it will require more than patches like changing register values, working with the firewall group. Requires research capabilities with intellectual curiosity to figure out how to remediate vulnerabilities
  • Exposed to diverse IT technologies, naturally, to come up with recommendations to remediate any vulnerabilities in Ross IT environment, including but not limited to Storage, Network, Security and computing servers and devices.
  • Able to work with product vendors to come up with suitable remediation recommendations without risking systems.
  • Assist in the process for vulnerability and remediation management ensuring they are compatible with the company's business needs and strategic objectives
  • Review and analyze new requests, work with IT partners, vendors, and business leaders to understand vulnerability management needs; Partner on solutions and recommendations for business initiatives based on application requirements
  • Research, evaluate, develop, design and implement remediation designs and standards following industry best practices
  • Develop and implement vulnerability remediation process including package creation, testing and deployment.
  • Communication
  • Listening
  • Problem Solving
  • Dealing with Ambiguity
  • Customer Focus
  • Approachability
  • Time Management
  • 3 to 5 years’ experience supporting diverse IT systems, processes or capabilities
  • 3 to 5 years of Information Technology Security experience, at least 3 with large enterprise organizations
  • A solid understanding of industry best practices for Vulnerability Management; specific demonstrated experience mapping business processes and comparing those processes to industry best practices
  • The ability to work closely with Business and development and a thorough understanding of the balance between business and remediation requirements
  • Must have excellent competency with SCCM, WSUS in running over 1000 servers and other remediation tools
  • Proficiency in scripting of packaged installation of patches, software and configuration changes, including the knowledge and ability to write power shell scripts needed to automate vulnerability management processes
  • Excellent understanding of network, system and application security
  • Demonstrated project management experience
  • Red Hat Linux and Solaris
  • PMP, ITIL, and Six Sigma certificates
  • A 4 Year college degree in Science, Math, Engineering Technology is preferred or equivalent work experience.
  • Certified Information Systems Security Professional (CISSP), or other Information Security related certification
  • Knowledge of various vulnerability scanning solutions, scripting and automation
  • Experience with automation tool like Ansible, C#, Visual Basic, data base, Python and Java application development (in-house developed or off-the-shelf) will be a plus
  • Experience navigating the Microsoft Security Update guide portal and interpreting detailed descriptions of the security vulnerability, exploitability assessment and researching reported issues with deployed patches
  • Excellent written and verbal communication; must be able to communicate technical solutions to senior management
  • Available for rotation assignment for on-call support duties

Job requires ability to work in an office environment, primarily on a computer.
Requires sitting, standing, walking, hearing, talking on the telephone, attending in-person meetings, typing, and working with paper/files, etc.
Consistent timeliness and regular attendance.
Vision requirements: Ability to see information in print and/or electronically.



This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at management’s discretion.

Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities and experience. We believe that it is an essential part of the Company’s overall commitment to attract, hire and develop a strong, talented and diverse workforce. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, physical, mental or developmental disability, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), veteran status, military status, marital or registered domestic partnership status, medical condition (including cancer or genetic characteristics), genetic information, gender, gender identity, gender expression, sexual orientation, as well as any other category protected by federal, state or local laws.