Threat and Vulnerability Management Analyst

About SHEIN 

SHEIN is a global online fashion and lifestyle retailer, offering SHEIN branded apparel and products from a global network of vendors, all at affordable prices. Headquartered in Singapore, with more than 15,000 employees operating from offices around the world, SHEIN is committed to making the beauty of fashion accessible to all, promoting its industry-leading, on-demand production methodology, for a smarter, future-ready industry. 

 

Position Summary

SHEIN Global Security and Risk Management (GSRM) is a global security organization that oversees security infrastructure, risk management, data privacy, business fraud, governance, and regulatory compliance across SHEIN’s global footprint. It is composed of a team of security professionals, innovators and thought leaders that have had decades of global security experience, led large scale transformations, and served in Fortune 500 executive roles.

We're seeking a full-time Threat and Vulnerability Management Analyst (Official title: Vulnerability Management Engineer I) for our San Diego-based office hub, who will be responsible for assessing systems and networks within the organizational environment or specific enclave, identifying deviations from acceptable configurations, enclave policies, or local policies. This role measures the effectiveness of the defense-in-depth architecture against known vulnerabilities.

The TVM Analyst ensures that all production security controls and technologies operate in compliance with established policies and service level agreements (SLAs) across all aspects of the security operating framework.

A successful analyst should possess a strong technical understanding of application, host, and network security practices, along with core TVM knowledge, skills, and abilities. They must be familiar with security industry standards and best practices and collaborate effectively with development, engineering, and operational teams. This role requires working across a broad and deeply technical environment typical of the e-commerce and technology sectors.

 

Job Responsibilities

• Conduct vulnerability scans using enterprise vulnerability scanners, analyze generated reports, and validate potential findings.
• Track and provide metrics and insights on vulnerabilities and remediation.
• Provide technical assistance to owners of the impacted systems and applications to prioritize remediation and/or mitigation of vulnerabilities.
• Implement and utilize automation to improve processes.
• Gather and assess vulnerability and threat information from various internal and external sources.
• Generate and manage asset inventory reports.
• Ensure organization adheres to vulnerability management processes and standards.
• Support, maintain and integrate the vulnerability management solutions with other cybersecurity and ticketing technologies.
• Other duties as assigned.
• Sustain high-availability service levels and ensure fulfillment of business-wide service levels and operational support objectives.
• Demonstrates continuous effort to improve operational performance, streamline work processes and work cooperatively and provide quality seamless customer service.

 

Job Requirements

• Bachelor’s degree or higher in the field of engineering, computer science or equivalent advance technology field of study is preferred. Equivalent professional experience may be substituted in lieu of education.
• Relevant cyber security certifications, such as CISSP and GIAC are highly desired.
• 2+ years of hands-on Information Security experience within a large enterprise preferred.
• Comprehensive understanding of Vulnerability Management capabilities and functions.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of how traffic flows across the network and OSI model.
• Experience with vulnerability scanning technologies, e.g. Tenable, Rapid7, Qualys.
• Experience with penetration testing principles, tools, and techniques.
• Experience using enterprise ticketing technologies, e.g. ServiceNow.
• Knowledge and experience in validating and triaging vulnerabilities.
• Assertive, proactive attitude to assist with and solve challenging issues.
• Stays current with new and existing vulnerabilities, threat intelligence and related news.
• Experience with languages like Python, Powershell, GoLang, or others.
• Ability to participate in cross functional teams, including global remote resources.
• Must possess the ability to understand new concepts quickly and apply them in an evolving environment while contributing to the development of new processes.
• Ability to work independently or in a team environment is essential as is the ability to work extended hours as required.
• High level of personal integrity, with the ability to professionally handle confidential matters and exudes the appropriate level of judgment and maturity
• Must be able to support on-call, escalation and high-paced/ fast tempo operating environment.

 

Benefits and Perks 

• Bonus and RSU eligible
• Healthcare (medical, dental, vision, prescription drugs) 
• Health Savings Account with Employer Funding 
• Flexible Spending Accounts (Healthcare and Dependent care) 
• Company-Paid Basic Life/AD&D insurance 
• Company-Paid Short-Term and Long-Term Disability 
• Voluntary Benefit Offerings (Voluntary Life/AD&D, Hospital Indemnity, Critical Illness, and Accident) 
• Employee Assistance Program 
• Business Travel Accident Insurance 
• 401(k) Savings Plan with discretionary company match and access to a financial advisor  
• Vacation, paid holidays, floating holiday and sick days   
• Employee discounts 
• Free weekly catered lunch 
• Dog-friendly office (available at select locations) 
• Free gym access (available at select locations) 
• Free swag giveaways 
• Annual Holiday Party 
• Invitations to pop-ups and other company events 
• Complimentary daily office snacks and beverages

 

#LI-CR1