Vulnerability Management Specialist
Real Matters
Markham, ON
6d ago

You are an established information systems risk professional with foundational knowledge in a range of technologies and hacking techniques that allows you the breadth to make well informed risk assessments.

You make recommendations in order to devise & drive a vulnerability management program that ensures business & technology leadership knows the risks, the remediation priorities are defensible and remediation takes place in a timely fashion.

You are organized and process oriented, able to think and work holistically across a range of teams to devise workable processes that map to compliance requirements but avoid undue burden on operations in order to best ensure that risks are identified early, assessed properly, escalated when needed and get treated.

The purpose of the role is to ensure that Real Matters and its suppliers operate all platforms in a risk conscious and acceptable posture to minimize risks of intrusion, disruption, theft or misuse.


  • Take control over existing vulnerability management processes, review, assess and plan a new and better program in consultation with security and technology leadership
  • Ensure regular vulnerability assessment of all technology platforms prioritized by system risk, with a focus on automation of both assessment and reporting
  • Establish and chair a vulnerability management committee to review system state both tactically and strategically with the relevant technology SME and technology management personnel
  • Build and deliver risk reporting for SME, intermediate and executive audiences to ensure remediation efforts are aligned to leadership risk comfort and appropriately resourced
  • Maintain the Asset Inventory and interface with technology operations teams to ensure it remains current, covering not just platforms but applications, software, business purpose and ownership information
  • Devise & track appropriate metrics and Key Risk Indicators by which success of the program can be assessed
  • Keep up with technology team priorities and projects to ensure remediation efforts are not dropped without appropriate risk acceptance for any unplanned delays outside of normal operating procedures
  • Select / recommend vendors for periodic independent penetration tests and orchestrate testing logisitics once approved
  • Take ownership of technology hardening standards and drive out improvements to fleet configuration state, ensuring risk appropriate scanning & reporting of actual state
  • Lead monitoring of vulnerability news and own processes for escalation of critical / high risk exploits for priority technology team action, including notifying and requiring appropriate confirmation from suppliers who may put Real Matters at risk of a compromise
  • Be prepared to play other parts of the security team to assist colleagues in areas such as access review, SIEM monitoring, incident response, governance, risk assessment & client compliance requests
  • Be on-call periodically in rotation to respond to occasional escalated after-hours high risk security alerts via the security operations centre
  • Maintain program documentation in a state ready to show off to major enterprise client organziations
  • In client relationships, always represent Real Matters Technology in a professional and diplomatic manner with the highest level of integrity, always having the interests of clients and Real Matters and its subsidiaries as top priorities
  • Education and Training Required

  • Undergraduate degree or equivalent
  • 3+ years of experience in an information security operational role
  • Solid understanding of technology risk assessment methodologies such as CVSS, OWASP, & Lockheed-Martin Kill Chain
  • Any well recognized security certification bonus if in hacking / PEN testing
  • Solid understanding of TCP / IP v4 and v6, IP layers, protocols
  • Optional Skills and Expertise

  • Rapid7 InsightVM, Qualys VM and WAS
  • Systems operational experience in some or all of Windows, Linux, Cisco, Sonicwall, Citrix, Tomcat, MySQL, MSSQL, IIS, TLS / SSL
  • Knowledge of PCI DSS, NIST CSF and CIS Top 20 control requirements in this space
  • Penetration testing experience / skills / qualifications
  • Scripting or coding skills to automate common tasks, avoid drudgery and human error
  • Skills and Expertise Required

  • Excellent communication skills, written and spoken crafted appropriate to either technical or non-technical audiences to achieve desired outcomes / decisions / actions
  • Ability to map clear, workable and repeatable processes that ensure compliance and risk requirements are met
  • About Real Matters

    Serving the North American mortgage industry through its Solidifi offering and the property and casualty (P&C) insurance industry through its iv3 CUS business, Real Matters creates powerful insights into residential and commercial properties.

    Leveraging its cloud-based technology platform, redihive™, the organization provides its customers with subject matter expertise gathered through partnerships with more than 26,000 field agents, comprised of Solidifi independent appraisers as well as iv3 insurance inspectors.

    Established in 2004, Real Matters has its Canadian head office in Markham, Ontario and U.S. head office in Buffalo, NY.

    Add to favourites
    Remove from favourites
    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Application form