Senior Vulnerability Assessment Analyst

LastPass is looking for Senior Vulnerability Assessment Analyst:

As a member of the Trust & Security team, you'll play a key role in establishing a comprehensive and efficient vulnerability management program, empowering the organization to uphold the utmost levels of security and compliance. Your contribution will be instrumental in fostering a culture centered on security and resilience, as we strive to deliver the most secure and dependable services to all our customers.

If you are passionate about complex problem solving and motivated by scale, then this is the role for you!

Who will you work with?

You will be part of our Security Posture and Attack Surface Engineering & Research (SPASER) team, collaborating closely with the wider Trust & Security teams. You will also work closely with various engineering and operational teams across the organization as part of the vulnerability management lifecycle, to assist in the resolution of vulnerabilities and propose improvements to our security posture.

What are some of the exciting challenges you will be working on?

• Conducting regular vulnerability assessments across our organization's information systems, networks, and applications, both on-premise and in the cloud, using advanced automated scans and hands-on evaluation techniques.
• Delving deep into vulnerability scan results to uncover potential risks, threats, and vulnerabilities that could impact our organization.
• Crafting tailored testing strategies to tackle specific vulnerabilities or potential attack scenarios head-on.
• Crafting polished, easily understandable reports and sharing our discoveries with key stakeholders, including our IT, Platform, and Software Engineering teams.
• Offering expert recommendations for effective strategies to mitigate and resolve identified vulnerabilities.
• Ensuring the accuracy of our vulnerability assessment findings, meticulously verifying and validating results, including identifying false positives and negatives.
• Staying at the forefront of emerging threats, trends, and technologies in vulnerability management and cybersecurity, and adapting our methodologies accordingly.
• Actively supporting the ongoing enhancement of our vulnerability management tools, refining their selection, configuration, and optimization to ensure they efficiently detect vulnerabilities while minimizing false alarms.
• Keeping a vigilant eye on vulnerability status and trends over time to proactively address evolving threats.
• Establishing robust metrics and reporting systems to continually evaluate the effectiveness of our vulnerability management program and pinpoint areas for improvement.

What does it take to work at LastPass?

• Previous demonstrable experience in conducting vulnerability assessments and related security testing.
• Hands-on experience with leading vulnerability management tools, techniques, and methodologies in the industry.
• Experience working with cloud environments and containerized workloads, such as Docker and Kubernetes.
• Familiarity with vulnerability analysis in cloud native environments, including knowledge of cloud-specific security controls, best practices, and some experience with cloud security assessment tools and techniques.
• Proficiency in scripting languages and programming commonly used in vulnerability management, like Python, PowerShell, or Bash, is expected for developing and maintaining trade-craft tools.
• A passion for security and a talent for discovering security vulnerabilities.
• Strong critical thinking skills and an analytical mindset, paired with a commitment to continuously improving processes.
• Ability to work autonomously with minimal supervision, demonstrating self-motivation to achieve objectives and deliver results effectively.
• Effective written and verbal communication skills in English, with the ability to communicate and collaborate effectively with key stakeholders.

It's great, but not required:

• Familiarity with OWASP vulnerability management and security testing guides/standards.
• Cloud security focused certifications such as AWS Certified Security or other specialty certification or similar.