Principal Engineer, Vulnerability Management

Sony Corporation of America, located in New York, NY, is the U.S. headquarters of Sony Group Corporation, based in Tokyo, Japan. Sony's principal U.S. businesses include Sony Electronics Inc., Sony Interactive Entertainment LLC, Sony Music Entertainment, Sony Music Publishing and Sony Pictures Entertainment Inc. With some 900 million Sony devices in hands and homes worldwide today, a vast array of Sony movies, television shows and music, and the PlayStation Network, Sony creates and delivers more entertainment experiences to more people than anyone else on earth. To learn more: www.sony.com/en.

POSITION SUMMARY

Sony Corporation of America (SCA), is seeking a Principal Engineer, Vulnerability Management to join the Corporate Information Security Division in Reston, VA. This position will report to the Senior Manager, Vulnerability Management, and be a part of the team responsible for establishing a unified approach to vulnerability reporting to secure Sony's information assets, services, and the products that depend on them, building trust with customers and stakeholders, and protecting the privacy of Sony's customers and employees.

JOB RESPONSIBILITIES

• Leads the resolution of security challenges, drawing upon the expertise of relevant security subject matter experts for strategic technical guidance and engaging with internal stakeholders, as needed.

• Advise/Aids in defining and establishing the best practices for vulnerability assessment processes and solutions within the security teams.

• Propose and/or build solutions/capabilities within the scope of Vulnerability Management to further improve the Vulnerability Management Program (e.g., automation, data analysis, process development)

• Lead key projects such as vulnerability prioritization to remediate critical key vulnerabilities (and help with reporting via GISO Monthly Sync).

• Automate existing manual processes to create improved processes and faster delivery across ITD teams.

• Partner with application and infrastructure owners to provide consulting on vulnerability remediation to allow them to appropriately remediate large highly complex vulnerabilities within the SLA (service level agreement) and reduce risk.

• Perform vulnerability assessments and common baseline control scans across the environment and report on Key Risks Indicators (KRIs). Create presentations based off KRI materials and keep Management informed of them.

• Contributes highly innovative ideas and may lead large cross-functional teams, exercising independent judgment to solve unique and complex problems impacting the business.

• Implement new, and iterate on existing technology, to help identify and mitigate security issues.

• Maintain awareness of the latest emerging threats and exploitation vectors and provide awareness to internal teams, leadership, and Sony Group company stakeholders on changes to the cyber threat landscape.

• Support projects to improve data collection, interpretation processes and initiatives regarding threat intelligence and information security.

• Prepare detailed analysis reports, products, cyber threat assessments, and briefings of security incidents and related intelligence for GSIRT and its stakeholders.

• Honesty, trustworthiness and ethical conduct are material requirements for the responsibilities outlined above

• Minimum of seven (7) years of experience in information security

• Bachelor's degree in an appropriate field, such as information technology or management, or equivalent experience

• Expert-level knowledge of information security vulnerability concepts

• Experience using threat intelligence tools and management platforms to identify, analyze and track cyber threats.

• Extensive knowledge of how vulnerabilities work and associated remediation techniques

• Deep understanding of network defense principles, common attack vectors, and attacker techniques

• Exceptional communication and advocacy skills, both verbal and written, with the ability to express complex and technical issues in clear and concise language

• Experience with scripting and automating processes

• Knowledge of the MITRE ATT&CK Framework, Cyber Kill Chain, Diamond Model of Intrusion Analysis, or other relevant network defense and intelligence frameworks preferred.

• Ability to exercise prudent judgment and discretion

• Ability to negotiate compromise between diverse parties with competing equities

• Ability to work independently in unstructured situations

• Ability to manage multiple projects simultaneously that involve key stakeholders across a globally-distributed and federated enterprise

• Ability to travel internationally as required, up to 15%

• All candidates must be authorized to work in the USA

Sony is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, sex (including pregnancy), gender, national origin, citizenship, ancestry, age, physical or mental disability, military status, status as a veteran or disabled veteran, sexual orientation, gender identity or expression, marital or family status, genetic information, medical condition, or any other basis protected by applicable federal, state, or local law, ordinance, or regulation.

Disability Accommodation for Applicants to Sony Corporation of America

Sony Corporation of America provides reasonable accommodation for qualified individuals with disabilities and disabled veterans in job application procedures. For reasonable accommodation requests, please contact us by email at careers@sonyusa.com or by mail to: Sony Corporation of America, Human Resources Department, 25 Madison Avenue, New York, NY 10010. Please indicate the position you are applying for.