Information Security Vulnerability Management Engineer

Hilton Worldwide

(Memphis, Tennessee)
Full Time
Job Posting Details
About Hilton Worldwide
Hilton Worldwide is one of the largest and fastest growing hospitality companies in the world, with more than 4,600 hotels, resorts and timeshare properties comprising more than 758,000 rooms in 100 countries and territories.
Summary
The Information Security Engineer for Vulnerability Management will be responsible for ensuring that the information security vulnerabilities across the global enterprise are identified, analyzed, monitored, and remediated in a timely manner that is proportionate to the risk involved. The Information Security Engineer for Vulnerability Management will be responsible for identifying information security vulnerabilities that could potentially be exploited and creating a remediation strategy with IT SMEs and business partners that resolves the potential risks involved. The Team Member will balance business priorities, information security risks, emerging threats, and best security practices to ensure the confidentiality, integrity, and availability of the Company's information assets. The Team Member will need to be a strong information security professional, able to recognize vulnerabilities, understand the associated risk, and develop an achievable and effective remediation and mitigation strategy.
Responsibilities
* Strong security industry knowledge that evolves with current and emerging threats, as well as an ongoing understanding of key business and technological processes
* Will play an important role in measuring potential risks against existing information security controls that enable Hilton Worldwide to operate efficiently and cost effectively, as well as maintain compliance
* Responsible for assisting others in interpreting, understanding, and applying information security policies and standards to mitigate information security risks
* Work closely with other members of the Information Security and Compliance organization in a collaborative and goal oriented manner
* Configure and run vulnerability scans across the global enterprise, requiring a solid understanding of network topology
* Configure and coordinate network and application penetration tests with outside providers
* Assess vulnerabilities identified in scan reports and penetration reports to determine and rank risks
* Assess threat advisories to determine vulnerability impact to the enterprise
* Monitor patch rotation cycle to ensure critical security patches are deployed
* Create remediation and mitigation strategies with IT SMEs and business owners to address and resolve business risks associated with vulnerabilities
* Monitor remediation and mitigation progress to ensure vulnerabilities are addressed with a timeliness proportionate to the risks involved
* Understand and stay abreast of the enterprise application and infrastructure technologies
* Maintain a current understanding of information security threats and possible impacts to the global enterprise
* Monitor, dispatch, and action on (as appropriate) information security requests
Ideal Candidate
* BA/BS Bachelor’s Degree in Information Technology, Computer Science, Computer Engineering
* A minimum of three (3) years of information security vulnerability management monitoring, analyzing, and reporting experience
* A minimum of three (3) years of experience configuring vulnerability scans, network penetration tests, and application penetration tests
* A minimum of three (3) years of experience analyzing vulnerabilities and creating technical remediation and mitigation strategies
* A minimum of three (3) years of experience with security controls, including firewalls, IPS, network topologies and protocols, web content filtering and proxies, load balancers, access management systems, UNIX/LINUX, active directory, DNS, password management, DLP, logging, and SIEM
* Ability to travel as required
* It would be advantageous in this position for you to demonstrate the following capabilities and distinctions:
  * MA/MS Master’s Degree
  * Knowledge of hotel-based IT systems and applications
  * Advanced certifications such as CISSP, CISM, CEH, CWSP, GCWN, etc.
  * Experience with identity management, web application firewalls, and security event correlation and analytics
Compensation and Working Conditions
Benefits: Benefits included
