Get ai-powered advice on this job and more exclusive features.
direct message the job poster from petco
our vision at petco is healthier pets. Happier people. Better world. We’re making things better for pets, people, and the planet through our think adoption first philosophy, the petco foundation, and other important initiatives that focus on putting animals first, educating pet parents, and reducing our carbon footprint. The journey starts with knowledgeable, passionately engaged associates who are proud to recommend petco as a place to work, who believe in our vision and who are committed to delivering a superior customer experience.
from our retail stores and our network of distribution centers to our corporate offices, you'll work with others who share your values and commitment. We seek individuals who are passionate about animal welfare, have great people skills and are driven to grow and advance in their careers with us. Our ongoing growth is creating exceptional opportunities for professional development and personal enrichment throughout our organization.
role overview
we are looking for a hands-on security engineer to lead vulnerability management and pki operations within the information security operations team. This role will own vulnerability scanning across our data center, endpoint, and cloud vm environments and drive remediation through partnerships with infrastructure teams. In addition, the role will oversee the lifecycle of public-facing ssl/tls certificates and contribute to automation and process maturity around pki.
the ideal candidate brings experience managing tenable or similar platforms, understands patching cycles across hybrid infrastructure, and is well-versed in certificate management using tools like sectigo or digicert. A working understanding of internal ca/pki principles is a plus.
responsibilities
vulnerability management
· own day-to-day operation of the tenable platform: scan schedule, tagging, health checks, credential management and reporting.
· drive remediation of vulnerabilities by partnering with infrastructure teams.
· supports the end-to-end vulnerability process, including reporting of vulnerabilities and escalation of critical vulnerabilities.
· document security guidance, process and policy around the vulnerability management program.
· coordinate monthly patch guidance and vulnerability meetings for on-prem and cloud teams.
· maintain scan health and results from vulnerability management platforms.
· oversee asv (approved scanning vendor) scans for pci compliance:
· conduct network and web application scans.
· validate and submit quarterly asv reports, including dispute documentation for false positives or out-of-scope findings.
· manage remediation and tracking for eol (end-of-life) systems across on-prem and cloud environments.
pki & certificate management
o oversee certificate lifecycle, including expiration review, issuance, renewals, and support requests.
o automate certificate management processes where possible.
· process public ssl certificate requests via servicenow.
· perform monthly audits of cert expiration and maintain active monitoring of managed certs.
· support certificate issuance from digicert (e.g., verified mark certificates).
· possess working knowledge of internal ca security best practices; may contribute to internal ca processes.
qualifications
· 3+ years of experience in it security or infrastructure with a focus on vulnerability and certificate management.
· hands-on experience with tenable, qualys, or similar vulnerability management platforms.
· experience managing ssl/tls certificates via sectigo, digicert, or similar certificate lifecycle platforms.
· solid understanding of vulnerability prioritization, remediation workflows, and patch cycles across on-prem and cloud systems.
· working knowledge of internal pki/ca principles and public key infrastructure best practices.
· familiarity with pci dss asv requirements and scan dispute/resubmission processes.
· ability to work cross-functionally and lead vulnerability remediation efforts with distributed teams.
· strong documentation, communication, and coordination skills.
preferred skills
· experience with external attack surface management tools.
· understanding of eol system risk, tracking, and remediation coordination.
· security certifications such as security+, cysa+, cissp, or giac gsec, crisc, etc.
· bachelor's degree in cybersecurity, information technology, or related field.
seniority level
* seniority level
mid-senior level
employment type
* employment type
full-time
job function
* industries
retail
referrals increase your chances of interviewing at petco by 2x
sign in to set job alerts for “program specialist” roles.
docente de ingles para preescolar y primaria
asistente administrativa (amexhe, apaseo el grande)
we’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of ai.
#j-18808-ljbffr