Job Number 24074556
Job Category Information Technology
Location Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United States
Schedule Full-Time
Located Remotely? Y
Relocation? N
Position Type Management
JOB SUMMARY
The Marriott Enterprise Vulnerability Management group oversees attack surface reduction across a wide range of corporate, cloud, data center, and property locations. Our team members are passionate about protecting our data, systems, and service delivery functions across the globe against a broad range of adversaries. The Senior Manager, Vulnerability Management, Solutions Support functions as an individual technical expert as part of a team that maintains Marriott vulnerability management solutions, responsible for implementing, managing, and optimizing vulnerability management tools within the Marriott environment. This role ensures the successful operation of vulnerability assessment and reporting activities by monitoring the operations of solutions, identifying issues that could lead to operational disruptions, performing regular and ad hoc maintenance, and troubleshooting and resolving issues. It requires participating in designing, building, and maintaining integrations between various Marriott and third party applications. Maintaining operational and technical documentation related to the operational lifecycle of supported solutions is required, as is identifying improvements to ensure the inclusion of appropriate quality of delivery and compliance with security policy and regulations. This task area requires in-depth technical knowledge in web application assessment, computer network theory, IT standards and protocols, operating system management, and application programming interfaces, as well as an understanding of the lifecycle of cyberspace threats, attack vectors, and methods of exploitation.
CANDIDATE PROFILE
Required Education and Experience:
- Bachelor’s degree in technology, information security, or a related field, or the equivalent combination of experience and certifications
- 7+ years of information security experience that includes knowledge of general security concepts such as defense in depth and risk-based security management.
- 5+ years’ in-depth experience with vulnerability management concepts and methodologies.
- 3+ years’ experience with vulnerability assessment and reporting, including comprehensive understanding of vulnerability management methodologies and procedures, web application assessment, threat assessment, and remediation management
- 3+ years’ experience implementing, managing and maintaining enterprise vulnerability assessment or web assessment technologies, including scan, sensor, and settings management.
Preferred Experience:
- Experience with Burp Suite Enterprise
- Working knowledge of manual and automated web application assessment techniques
- Experience with solutions deployment in on-premises and SaaS models
- Experience with enterprise vulnerability reporting tools, such as Kenna Security, and experience with vulnerability workflow solutions, such as ServiceNow
- Working knowledge of interacting with API data sources
- Working knowledge of Python with experience in automation, API access, and data management
- Knowledge of SIEM and SOAR solutions and their role in enterprise security solutions infrastructure
- Experience managing medium to large projects involving multiple teams in a technical lead role
- Familiarity with attack and exploitation techniques commonly seen in an enterprise environment
Expected Contributions:
- Ensure the successful deployment and operation of vulnerability management web assessment solutions
- Assist in the successful operation of vulnerability management reporting solutions, including Kenna Security
- Develop and maintain integrations between vulnerability assessment solutions, vulnerability reporting solutions, and related solutions as needed
- Assist with developing reporting and providing analysis around enterprise web assessment data
- Ensure that organization core values and culture are embedded into all aspects of the position’s work.
- Work with key stakeholders throughout the organization to build relationships based on an understanding of stakeholder needs and actions consistent with the company’s service standards
- Provide reporting and analysis to demonstrate program effectiveness, drive improvements in maturity and stakeholder awareness, and develop strategic improvements
- Guide and develop team members in technical skills
- Use organizational assessment, reporting, workflow, and communications solutions to fulfill responsibilities of the role and of the team
- Work with third-party providers to assess, report, remediate, and measure the effectiveness of team objectives
Maintaining Goals
- Submits reports in a timely manner, ensuring delivery deadlines are met.
- Promotes the documenting of project progress accurately.
- Provides input and assistance to other teams regarding projects.
Managing Work, Projects, and Policies
- Manages and implements work and projects as assigned.
- Generates and provides accurate and timely results in the form of reports, presentations, etc.
- Analyzes information and evaluates results to choose the best solution and solve problems.
- Provides timely, accurate, and detailed status reports as requested.
Demonstrating and Applying Discipline Knowledge
- Provides technical expertise and support to persons inside and outside of the department.
- Demonstrates knowledge of job-relevant issues, products, systems, and processes.
- Demonstrates knowledge of function-specific procedures.
- Keeps up-to-date technically and applies new knowledge to job.
- Uses computers and computer systems (including hardware and software) to enter data and/or process information.
Delivering on the Needs of Key Stakeholders
- Understands and meets the needs of key stakeholders.
- Develops specific goals and plans to prioritize, organize, and accomplish work.
- Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule.
- Collaborates with internal partners and stakeholders to support business/initiative strategies
- Communicates concepts in a clear and persuasive manner that is easy to understand.
- Generates and provides accurate and timely results in the form of reports, presentations, etc.
- Demonstrates an understanding of business priorities
Additional Responsibilities
- Provides information to supervisors and co-workers by telephone, in written form, e-mail, or in person in a timely manner.
- Demonstrates self-confidence, energy and enthusiasm.
- Informs and/or updates leaders on relevant information in a timely manner.
- Manages time effectively and conducts activities in an organized manner.
- Presents ideas, expectations and information in a concise, organized manner.
- Uses problem solving methodology for decision making and follow up.
- Performs other reasonable duties as assigned by manager.
California Applicants Only: The salary range for this position is $96,038.00 to $209,169.00 annually.
Colorado Applicants Only: The salary range for this position is $96,038.00 to $190,154.00 annually.
Hawaii Applicants Only: The salary range for this position is $116,205.00 to $209,169.00 annually.
New York Applicants Only: The salary range for this position is $96,038.00 to $209,169.00 annually.
Washington Applicants Only: The salary range for this position is $96,038.00 to $209,169.00 annually. In addition to the annual salary, the position will be eligible to receive an annual bonus. Employees will accrue 0.04616 PTO balance for every hour worked and will be eligible to receive a minimum of 7 holidays annually.
All locations offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, educational assistance, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.
Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.
The application deadline for this position is 28 days after the date of this posting, 04/29/2024.
Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.
Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed.
Be where you can do your best work,
begin your purpose,
belong to an amazing global team, and
become the best version of you.