Engineer II (Security - Vulnerability Management)

GENERAL PURPOSE:

The Security Engineer is responsible for ongoing vulnerability identification, assessment, prioritization and remediation planning to continually improve the security posture of Ross.

The Security Engineer is responsible for working within a multi-disciplined team to provide expertise on network, infrastructure and application vulnerability scanning, analysis and reporting. This role will evaluate any identified vulnerability for exploitability using several testing techniques.

ESSENTIAL FUNCTIONS:

• Responsible for executing network and infrastructure vulnerability scans, working with cross-functional teams to evaluate the appropriate risk, recommend appropriate remediation solutions for identified vulnerabilities, and track remediation.

• Responsible for maintaining and categorizing inventory of assets to be scanned.

• Responsible for maintaining vulnerability scan tools, their integration with various intelligence feeds and downstream workflow management tools, and the automation of scanning and reporting.

• Coordinate work efforts with other teams such as patch team, infrastructure management, security operations, governance & risk. Communicate project and operational metrics.

• Assist in developing action plans, schedules, budgets, status and metrics reports as well as other management communications intended to improve the vulnerability management program at Ross.

• Stays informed about the latest developments in the information security field, including the latest vulnerabilities and new products and services, through online news services, technical magazines, professional association memberships, industry conferences, special training seminars, and other methods.

• Monitors current and proposed laws, regulations (i.e., PCI, SOX, HIPAA) and industry standards related to vulnerability management, so that Ross Stores is warned in advance and is ready to be fully compliant with these requirements.

COMPETENCIES:

• Communication

• Listening

• Problem Solving

• Dealing with Ambiguity

• Customer Focus

• Approachability

• Time Management

QUALIFICATIONS AND SPECIAL SKILLS REQUIRED:

• At least 8 to 12 years’ experience supporting IT systems, processes or capabilities

• Five years of Information Technology Security, at least 3 with large enterprise organizations

• A solid understanding of industry best practices for Vulnerability Management; specific demonstrated experience mapping business processes and comparing those processes to industry best practices

• The ability to work closely with Business and development and a thorough understanding of the balance between Business and Security requirements

• Excellent understanding of network, system and application security

• Knowledge of OWASP framework and application security best practices

• Knowledge of various vulnerability scanning solutions, scripting and automation

• Demonstrated project management experience

Preferred Requirements:

• Experience with Microsoft Office Suite, Microsoft Project and Visio

• Graduate degree

• Certified Information Systems Security Professional (CISSP), or other Information Security related certification

PHYSICAL REQUIREMENTS/ADA:

Job requires ability to work in an office environment, primarily on a computer.

Requires sitting, standing, walking, hearing, talking on the telephone, attending in-person meetings, typing, and working with paper/files, etc.

Consistent timeliness and regular attendance.

Vision requirements: Ability to see information in print and/or electronically.

DISCLAIMER:

This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at management’s discretion.

Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities and experience. We believe that it is an essential part of the Company’s overall commitment to attract, hire and develop a strong, talented and diverse workforce. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, physical, mental or developmental disability, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), veteran status, military status, marital or registered domestic partnership status, medical condition (including cancer or genetic characteristics), genetic information, gender, gender identity, gender expression, sexual orientation, as well as any other category protected by federal, state or local laws.
