Caliber Home Loans, Inc. is one of the nation's fastest-growing mortgage lenders. We didn't move into the fast lane because of clever marketing campaigns or flashy television ads -- our talented employees worked hard to help us rise to the top of our industry.
Here at Caliber, we've replaced the stereotypical corporate culture with a casual "dress for your day" work atmosphere that promotes creativity and a collaborative environment that allows our team members to thrive.
The Senior Security Architect will be responsible for leading program maturity efforts and initiatives in Vulnerability Management and Application Security functions within the Infosec Operations department. This includes, but is not limited to: driving improvements with vulnerability scanning automation; validation of vulnerability findings; asset/network discovery; regulatory scanning requirements; driving next generation security operations approaches/tools; and producing automated dashboards to measure the effectiveness of the program.
* Assess, design, implement, automate, and document customer solutions leveraging Azure and other third-party solutions.
* Demonstrate architectures, methods and controls required to meet stringent compliance and audit requirements.
* Maintain tools like Rapid7 Nexpose and Veracode used for conducting vulnerability scanning and application security testing
* Perform asset and network discovery activities, helping to ensure full coverage of the Caliber Home Loans environment
* Perform network and application security scans using the latest scanner tools and methodology
* Perform system and application vulnerability testing
* Establish a strategy and framework for performing validation of scanning results
* Review, assess, and mitigate penetration tests and vulnerability assessments on information systems and infrastructure
* Prioritize remediation activities with operational teams through risk ratings of vulnerabilities and assets
* Recommend, schedule and/or apply fixes, security patches and any other measures required in the event of a security breach
* Collate security incident and event data to produce monthly exception and management reports
* Implement or coordinate remediation required by audits, and document exceptions as necessary.
* Develop program quality metrics as both program performance indicators and enterprise risk indicators
* Leverage firm inventory and patch management systems to provide reporting and governance for vulnerability impact and remediation progress
* Integrate findings across infrastructure, web application, and static code security testing to provide a holistic security posture for assets
* Monitor security vulnerability information from vendors and third parties
* Help develop the firm's next generation vulnerability management program including formalized assessment criteria, integration with asset inventory, enterprise vulnerability scanning, and remediation tracking and governance.
* Manage the firm's penetration testing program by leveraging both in-house staff and vendor expertise to identify weaknesses in technology, people or process.
* Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience. Master's Degree preferred.
* Minimum 2 years of experience as a Cloud Security Engineer
* At least 2 years of experience as a Vulnerability Assessment Engineer, Application Security Specialist, Cybersecurity Systems Engineer, or equivalent.
* Ability to perform vulnerability assessments and penetration testing using manual testing techniques, scripts, commercial and open source tools
* Ability to demonstrate knowledge of prioritizing remediation activities with operational teams through risk ratings of vulnerabilities and assets
* Experience in deploying and operating vulnerability scanning infrastructure and services
* Previous hands-on experience in application or network penetration testing
* Strong knowledge of industry standards regarding vulnerability management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP)
* Have working experience and knowledge of Unix/Linux operating system.
* Ability to read, write and modify scripts for automation of vulnerability management tasks
* Knowledge of security auditing techniques
* Excellent verbal and written communication
* Strong analytical skills
* Strong team player with ability to take charge of their area of expertise
* Comfortable working outside their comfort zone with a willingness to learn
* Penetration Testing: SET Toolkit, War Dialing, VOIP testing, SQL Injection, Web Application Testing
* Vulnerability Assessment: Nexpose, Metasploit, Nessus, Qualys, Kismet, etc
* Web Application Testing: Veracode, AppScan, Hailstorm, Nikto, Grendel, Burp Suite, etc
* Database Testing: Scuba, SQLninja, AppDetectivePro, Havij, Mysqloit, SQLmap, etc
* Network Assessment: NMAP, Nipper, Wireshark, TCPdump
* Password Cracking: John the Ripper, Medusa, Cain, rainbow tables
* Experience reviewing audit logs utilizing SIEM tools
* Advanced knowledge of network based, system level and application layer attacks and mitigation methods, and TCP/IP, HTTP/S, and related protocols.
* Knowledge of web application vulnerabilities such as cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.
* OSCP, OSWP, OSCE, and GIAC certifications a plus
Our employees demonstrate the Caliber Ways of Work (WOWS) every day through:
* Collaborating Contagiously
* Caring Fiercely
* Doing the Right Thing
* Leading Thoughtfully
Caliber benefits and perks will WOW you!
Our benefits package includes: comprehensive medical, dental, and vision insurance, short-term and long-term disability, 401(k), 10 employer-paid holidays, as well as numerous employee discount programs.
We are proud to be a military friendly employer, and provide paid leave during military assignments for employees who serve in the Guard or Reserve.
Employees who work at our Coppell headquarters experience additional perks that include: standing desks, complimentary coffee and tea stations, an on-site gym and activities center with ping-pong and pool tables, and an in-house café.
Caliber is an equal opportunity employer
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled