Appian is seeking a Senior Vulnerability Management Specialist to join our Information Security Team.  The ideal candidate will have a passion for cyber-security awareness and vulnerability management. In this role, the Vulnerability Management Specialist will be responsible for developing and deploying a new Vulnerability Management program. As such they will become the system architect for the future in cloud security. Working with existing Engineering and Security teams, this role will take ownership of all vulnerability management process and documentation. This will include revising existing models and developing new innovative methodologies of managing vulnerabilities and reporting. A strong skill and desire for automation is required here and will be key to deploying the future of cyber-security management. This individual will also be responsible for building a team to design, deploy, and run next iteration of vulnerability management.

Responsibilities

  • Establish, maintain and communicate a clear and comprehensive IT Vulnerability Management program aligned to standard framework(s) including but not limited to, FedRAMP, NIST 800-53, NIST 800-171, & DoD CC SRG
  • Direct cross-functional, cross-department teams in remediating security vulnerabilities, ensuring regular communication of status and work products mitigate the intended vulnerabilities.
  • Own the program as a leader and be the main point of contact and subject matter expert
  • Implement, define and improve policies, standards, and procedures of the Vulnerability Management service, including:
    • Vulnerability scanning
    • Vulnerability reporting
    • Coordination of patch management
    • Secure coding practices and testing
  • Identify systems vulnerabilities and provide proper consultation for remediation
  • Provide system administration support for vulnerability scanning and application testing technologies
  • Work with Cloud services teams to ensure standard systems development does not expand the threat landscape of the organization
  • Work with software development teams to ensure they are utilizing secure coding standards and code testing capabilities
  • Develop training programs for awareness within the organization and specialist training for targeted groups to stay up to date with new developments and requirements
  • Establish and drive metrics, analytics, reporting mechanisms and services, maturity models and a roadmap for continual program improvements.
  • Facilitate compliance with policies and external regulations
  • Maintain up-to-date understanding of technology trends and developments in the areas of information technology and security
  • Ability to drive execution of defined goals through effective interaction with IT services teams
  • Able to understand, design and develop threat mitigation strategy, prioritize identified threats, managing risks associated with threats
  • Keep abreast of relevant trends and threats, and translate these based on relevant threats and vulnerabilities

Other Duties

  • Work with Security Architecture & Engineering Support teams to determine solutions and propose plans to implement them.
  • Prepare formal reports and presentations of findings and recommendations
  • Author IT vulnerability guidelines, principles, policies, and standards for information / data stewards, stakeholders, and development teams

Preferred Experience

  • Experience executing security testing activities such as penetration testing and application/vulnerability assessments
  • Security knowledge across various security domains and technologies (e.g., databases, operating systems, networking, applications, access and identity management
  • Experience with Vulnerability management tools (i.e. Tenable, Qualys, Tripwire)
  • Experience in network infrastructure and security best practices
  • Experience with network firewalls
  • Understanding of Linux operating systems
  • Understanding of secure software development lifecycle from coding to deployment
  • Responsible for the management and strategy of documentation processes
  • Ability to identify and execute process improvement
  • Programming Skills in a least one interpreted language (PHP, Ruby, Python,)
  • Knowledge of CMMC NIST 800-171
  • Advanced understanding of NIST 800-53 and particle implementations, specifically around controls related to Vulnerability Management & Continuous Monitoring.
  • Familiarity with CUI requirements for unclassified IT systems a plus

About Us:

Appian helps organizations build apps and workflows rapidly, with a low-code automation platform. Combining people, technologies, and data in a single workflow, Appian can help companies maximize their resources and improve business results. Many of the world’s largest organizations use Appian applications to improve customer experience, achieve operational excellence, and simplify global risk management and compliance. Our employees create opportunities to drive hands-on impact both with our customers and throughout the organization, which creates an environment where meaningful work is met with career growth and opportunity. As a result, we are proud to have been recognized as a Washington Post Top Workplace for seven consecutive years. Simply put, we are changing the way businesses operate and our employees are to thank for Appian’s success.

Appian Corporation is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. Further, Appian will not discriminate against applicants for inquiring about, discussing or disclosing their pay or, in certain circumstances, the pay of their co‐worker, Pay Transparency Nondiscrimination.  

If you need a reasonable accommodation for any part of the employment process, please contact us by email at ReasonableAccommodations@appian.com and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.

#LI-AO1

Apply for this Job

* Required

  
  


U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at Appian Corporation are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.