Job Title Threat & Vulnerability Management Engineer
The Threat & Vulnerability Management Engineer will ensure the protection of The Pokemon Company International’s technologies and data to secure intellectual property and most importantly safeguard our customers’ personal information. This role is passionate about the detection and prevention of security threats, integrating security tools into daily operations, and incident response to protect company assets, customer-facing systems, and customer data.
What You’ll Do
- Establish and oversee Information Security’s Threat & Vulnerability Management (TVM) program.
- Manage TVM technologies and vendors such as vulnerability scanners, configuration management solutions, and third-party threat intelligence partners.
- Implement security solutions and tooling to ensure configuration requirements are met in disparate technology ecosystems (e.g. Cloud, on-prem, and end user devices).
- Develop key performance indicators (KPIs) around vulnerability, patch, and secure configuration management for communication to senior leadership.
- Align practices of threat, configuration, and patch management with required compliance standards and selected security frameworks.
- Manage endpoint security program and outline expected controls, including anti-malware, EDR, and other required technologies.
- Provide security expertise and consulting to partner teams in Tech and across the enterprise.
- Alongside the Information Security team, responsible for responding to and remediating security events / incidents.
- Collaborate with the Information Security team to ensure successful completion of our roadmaps and initiatives.
- Work leveraging an agile methodology by making iterative progress toward achieving individual, team, and organizational objectives.
What You’ll Bring
- 2-4 years of experience in Information Security
- 2-4 years of experience in related technology functions, such as infrastructure/cloud engineering.
- Experience using vulnerability management, scanners, cloud configuration solutions, IDS/IPS, firewalls/switches, and/or SIEM tools
- Experience in Windows systems management, macOS, and Linux/Unix tools, architecture, and security configurations/monitoring techniques.
- Experience using endpoint protection products (Carbon Black, Crowdstrike, etc.).
- BS Degree in Computer Science or Computer Engineering and/or equivalent working experience.
- Information Security certifications (CISSP, SANS GIAC, CISA, etc.) a plus.
- Offensive Security/Pen test certifications (OSCP, etc.) a plus
How You Will Be Successful
- Excellence (Quality): Achieving a standard of excellence with our work processes and outcomes
- Customer focus: Striving for high customer satisfaction, going out of our way to be helpful and pleasant
- Communication: Balancing listening and talking, speaking and writing clearly and accurately, influencing others, keeping others informed
- Collaborative: Being helpful, respectful, approachable and team oriented, building strong working relationships and a positive work environment
- Brand Ambassador: Understands the essence of Pokémon and core pillars, demonstrates friendship, community and good sportsmanship
- Innovative: Generates unique ideas that lead to solutions, champions change and takes initiative thinking of better ways to do things, embracing continuous improvement.
What to Expect
We offer a professional, fun and creative work environment. While we maintain a good balance between work and life, additional hours may be required at peak times or for specific initiatives.
The Pokémon Company International, a subsidiary of The Pokémon Company in Japan, manages the property outside of Asia and is responsible for brand management, licensing, marketing, the Pokémon Trading Card Game, the animated TV series, home entertainment, and the official Pokémon website. Pokémon was launched in Japan in 1996 and today is one of the most popular children's entertainment properties in the world.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of people so classified. All employees may be required to perform duties outside of their normal responsibilities from time to time, as needed.