Cybersecurity Engineer
Raleigh, North Carolina
Genworth
At Enact Mortgage Insurance (Nasdaq: ACT), we understand that there is no place like home. That is why we bring our deep expertise, insightful offerings, and extra mile service to work every day to help lenders put more people in homes and keep them there.
We are looking for a Cybersecurity Engineer in Raleigh, NC to join us in fulfilling our mission, while using our values of excellence, improvement, and connection. In this role, you will assume responsibility for enhancing our technical security vulnerability management processes with an emphasis on finding, triaging, coordinating, and addressing code, configuration, and patch related security vulnerabilities within our application delivery pipelines and in production, within cloud and on-premises.
WHY WORK AT ENACT
We bring innovative thinking to the situations at hand.
We seek out and incorporate diverse views to strengthen our outcomes.
We work on challenging and rewarding projects.
We offer competitive benefits:
Hybrid work schedule (shared in-office days Tuesdays – Thursdays)
Generous Time Off
40 Hours of Volunteer Time Off
Tuition Reimbursement and Student Loan Repayment
Paid Family Leave and Flexible Spending Accounts
401k with up to 5% employer match
Fitness and Emotional Wellness Reimbursements
YOUR RESPONSIBILITIES
Vulnerability Discovery and Management: Lead the effort to find security vulnerabilities across the organization's assets, including servers, web services, network devices, cloud infrastructure, and SaaS applications. This includes implementing and supporting security scanning tools such as Tenable, Amazon Inspector, SAST, and DAST, and conducting manual penetration tests when necessary.
Triage and Prioritization: Evaluate identified vulnerabilities to figure out their nature, urgency, and potential impact. Work with technical and operational teams to categorize and prioritize vulnerabilities based on their refactored risk level, assigning proper response measures from immediate fixes to compensating controls.
Technical Remediation: Collaborate with development, operations, and technology teams to address vulnerabilities in code, configurations, patches, and third-party libraries. Ensure proper mitigations are in place, including refactoring code, adjusting configurations, applying patches, or implementing compensating controls.
Process Optimization and Reporting: Set up and manage an ongoing vulnerability management process that includes tracking, reporting, and communication mechanisms. Generate regular dashboards, reports, and updates for stakeholders and executives, ensuring compliance with regulatory requirements such as NY DFS, SOX, and SOC 2, and addressing specific customer needs.
Continuous Improvement: Drive continuous improvement initiatives to optimize the technical security vulnerability management process. This includes refining the scope of scanning activities, expanding the vulnerability database, and enhancing collaboration with development and infrastructure teams to find and address vulnerabilities earlier in the application and infrastructure delivery process.
Success in the First Year:
Success for the Cybersecurity Engineer in the first year will include the establishment of a robust and efficient vulnerability management program that encompasses the full lifecycle from identification to remediation and reporting. This includes effectively integrating security tools and procedures into application delivery pipelines, reducing the time to detect and remediate vulnerabilities. Additionally, the engineer will have developed a comprehensive reporting and communication structure, offering clear insights into the organization's security posture, meeting regulatory requirements, and achieving measurable improvements in reducing vulnerabilities across critical assets.
YOUR QUALIFICATIONS
Required:
An undergraduate degree in cybersecurity or equivalent and relevant industry experience.
10+ years in cybersecurity with a strong emphasis on technical security vulnerability management, including penetration testing.
Demonstrated ability to educate an engineering audience about technical application security vulnerabilities, i.e., OWASP Top Ten, OWASP API Security Top 10.
Adept in a data-driven approach for decision-making and a risk-based mindset to prioritize and address security concerns effectively.
A clear understanding of the business impact of security and the ability to align security strategies with business goals.
Excellent communication and people skills, capable of engaging effectively with various functional areas.
Analytical and problem-solving abilities.
Preferred:
Strong understanding of AWS and Azure cloud services and experience finding and addressing security vulnerabilities within cloud platforms and workloads.
Experience in DevSecOps practices, particularly in automating security testing within CI/CD pipelines and conducting static and dynamic code analyses.
COMPANY
Enact is a leading publicly traded U.S. private mortgage insurance provider, offering borrower-centric products that enable lenders and other partners across the U.S. to help people responsibly achieve and maintain the dream of homeownership.
By empowering customers and their borrowers, Enact seeks to positively impact the lives of those in the communities in which it serves in a sustainable way. Headquartered in Raleigh, North Carolina, we play an active role in supporting a healthier Triangle community. We also support our colleagues’ philanthropic efforts in their home communities across the U.S.
Enact values all perspectives, characteristics and experiences, and DEI remains at the forefront of what we do. We strive to create an environment where employees can bring their full, authentic selves to work to help each other and their customers.
We are proud to be an equal opportunity employer and all hiring decisions are based on merit, qualifications, and business needs. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.
Tags: APIs Application security AWS Azure CI/CD Cloud Compliance DAST DevSecOps OWASP Pentesting SaaS SAST SOC SOC 2 SOX Vulnerabilities Vulnerability management
Perks/benefits: 401(k) matching Fitness / gym Flex hours Flex vacation Home office stipend Insurance Wellness