Vulnerability Remediation Manager (Remote Possible)

Who We Are

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for eight consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We Do

As a Vulnerability Remediation Manager, you will be a key member of the Information Security group, managing a team responsible for our overall Vulnerability Management program. The successful candidate be a people manager with the ability to build strong teams and forge trusted partnerships across the Enterprise.  As a security leader, you have experience working with software development teams, have a strong background in network and application code vulnerability scanning and management, and are an exemplary technical communicator.  You will be responsible for leading and owning tactical and daily activities, deploying and executing enterprise security controls and defenses, monitoring and analyzing system and application code vulnerabilities, supporting and enforcing remediation activities, mitigation strategies, maintaining documentation, delivering audit artifacts, and providing remediation guidance to the enterprise.

What You'll Do:

• Oversee a team responsible for all activities related to assessing identified vulnerabilities, prioritizing, reporting and driving remediation of vulnerabilities relating to application code scans, systems, and infrastructure devices.
• Lead program maturity efforts and initiatives in vulnerability management functions such as driving improvements with application and vulnerability scanning automation, validation of vulnerability findings, regulatory scanning requirements, driving next generation security operations approaches/tools and producing automated dashboards to measure the effectiveness of the program.
• Manage a team responsible for integrating vulnerability findings against both application level scans and network scans to ServiceNow's Vulnerability Response module and providing support to application teams in their remediation activities.
• Lead a team to collaborate closely with development and operations teams to integrate robust security practices into the software development lifecycle (SDLC) while ensuring compliance with stringent security requirements.
• Provide consultative leadership and implementation guidance for application teams in the areas of vulnerability remediation and mitigation.
• Develop technical solutions to help mitigate security vulnerabilities and automate processes.
• Lead a team to execute security testing, encompassing vulnerability scanning and penetration testing to pinpoint and address security weaknesses.
• Define, collect, and communicate application vulnerability metrics across all levels of the organization, utilizing the metrics to aid in analyzing the likelihood of emerging threats impacting the organization and identifying the weaknesses that could be potentially exploited.

What You'll Bring:

• A Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent working experience.
• Minimum 3 years of experience managing a Vulnerability Management or similar Information Security teams
• Experience with ServiceNow SecOps, especially Vulnerability Response, including customization and integration with various tools
• Experience as a Product Owner or like role within an Agile development team, providing requirements for features and writing user stories
• A solid grasp of secure software development practices, encompassing threat modeling, risk assessment, and vulnerability management.
• Experience with network scanning tools such as Qualys or Rapid 7 and application scanning tools such as Veracode or Burp Suite
• Strong knowledge of pertinent industry standards and frameworks such as the OWASP Top Ten Project, NIST Cybersecurity Framework, and ISO/IEC 27001.
• Strong knowledge industry standards regarding vulnerability management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), OWASP, etc.
• Experience with performing vulnerability assessments and penetration testing using manual testing techniques, scripts, commercial and open source tools
• Ability to demonstrate knowledge with prioritizing remediation activities with operational teams through risk ratings of vulnerabilities and assets
• Outstanding communication and interpersonal skills, with the capacity to effectively convey intricate security concepts to both technical and non-technical stakeholders.
• Certifications like Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), and Certified Application Security Engineer (CASE) are highly regarded.

For local candidates, this role will be hybrid two days a week onsite in Santa Ana, CA. For out of area candidates, this role will be remote.

Pay Range: $94,798- $183,480 annual

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting.  Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

What We Offer

By choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.