Sr. Threat and Vulnerability Management Engineer

Built on meritocracy, our unique company culture rewards self-starters and those who are committed to doing what is best for our customers.

It's an exciting time to join Brown & Brown!  Our business is growing both in North America and internationally which emphasizes the need to build an unparalleled team that promotes future growth. We're excited to continue solidifying that foundation as we are looking for a Senior Threat and Vulnerability Engineer to join our growing team in Daytona Beach, Florida.

As a Senior Threat and Vulnerability Management Engineer, you will oversee our vulnerability management program and ensure our systems' integrity and security. You will be the operational expert in utilizing and managing all Qualys modules to identify and prioritize the remediation of vulnerabilities across our organization. You will work with internal and external security testing groups to coordinate regular red team testing of Brown & Brown assets.

Who We Are:  Brown & Brown, Inc. is a growing global insurance brokerage firm delivering risk management solutions and services since 1939.  Our unique culture is built on honestly, integrity, innovation and discipline and defines who we are and how we treat our customers, teammates and the communities we serve.  We think of ourselves as a team, so we have teammates---not employees.  We prioritize health, family, and business---in that order.  We embrace and celebrate diversity, always striving to be an inclusive place where you have the power to be yourself.  Traded on the New York Stock Exchange as BRO, Brown & Brown is a big company that doesn’t act like one.

Who We Are Looking For:  We are looking for passionate team players who believe in working hard and having fun in a collaborative environment.  Our team is customer-focused and values the importance of strong relationships, professionalism, and trust.  We embrace solutions-oriented big thinkers who are committed to results and aren’t afraid to take risks.  We are driven to set goals high and aim even higher.

General Responsibilities:

• Lead the development, implementation, and optimization of our vulnerability management program.

• Utilize Qualys to perform regular scans, assessments, and penetration tests to identify vulnerabilities in our systems, networks, and applications.

• Collaborate with cross-functional teams to prioritize and remediate vulnerabilities promptly.

• Develop and maintain a comprehensive inventory of assets and their associated vulnerabilities.

• Create and maintain documentation related to vulnerability management processes and procedures.

• Monitor industry trends and emerging threats to enhance our vulnerability management strategies.

• Conduct threat modeling and risk assessments to prioritize vulnerabilities based on potential impact and exploitability.

• Provide guidance and mentorship to junior team members in vulnerability management best practices.

• Ensure compliance with industry standards and regulatory requirements related to vulnerability management.

• Knowledge of various security technologies such as vulnerability assessment tools, SIEM, firewalls, proxies, network and host-based intrusion prevention, DLP, etc.

• Integrate and leverage threat intelligence sources & partners to maintain an understanding of emerging security threats and advanced threat actor's capabilities.

• Assist in selecting, implementing, and managing systems, tools, and processes to keep the firm at the leading edge of security. This includes a continually evolving inventory of gaps to be mitigated and formulating a proactive strategy to evaluate and implement mitigating technologies.

• Remain current on emerging security threats and technologies.

• Prepares status reports on security matters to develop security risk analysis scenarios and response procedures.

Required Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).

• Minimum of 7 years of experience in cybersecurity, with a focus on threat and vulnerability management.

• At least 5 years of hands-on experience engineering and managing Qualys, including all Qualys modules.

• Expert understanding of vulnerability assessment tools, methodologies, and best practices.

• Knowledge of industry standards and frameworks such as CVE, CVSS, CWE, and NIST.

• Excellent analytical and problem-solving skills.

• Strong communication and interpersonal skills to collaborate effectively with cross-functional teams.

• Industry certifications such as CISSP, CISM, or CEH are a plus.

• Ability to work independently and manage multiple tasks in a fast-paced environment, organizing and prioritizing as needed to accomplish goals.

• Knowledge of protocol analysis and tools (e.g., Wireshark, Nessus, Gigastor, Netwitness, etc.).

• Working knowledge of current cyber threat landscape (e.g., threat actors, APT, cyber-crime, etc.).

• Working knowledge of Windows and Unix/Linux, Firewall, and Proxy technology.

• Knowledge of malware operation and indicators.

• Knowledge of forensic techniques.

• Knowledge of penetration techniques.

• Thinks both tactically and strategically.

• Manages uncertainty well – able to assess and act with good enough but imperfect or incomplete information.

• Strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level.

• Possess a blue-collar work ethic with the willingness to wear many proverbial 'hats' and have a flexible outlook towards your work.

• Be competitive and have a performance-based drive to succeed, including self-sufficiency and the ability to work as part of a team.

• Have a passion for cybersecurity.

What we offer:    

• Excellent growth and advancement opportunities

• Competitive pay based on experience

• Discretionary Time Off (DTO)

• Generous benefits package: health, dental, vision, 401(k), etc.

• Employee Stock Purchase Plan

• Tuition Reimbursement and Student Loan Repayment Assistance

• Mental Health Resources

We are an Equal Opportunity Employer. We take pride in the diversity of our team and seek diversity in our applicants.