After weeks of dealing with the aftermath of being hacked – making a trove of confidential and embarrassing information public – Sony advertised for a "Director of Vulnerability Management" on their official website.
The job was posted on their website on December 19. Here is what they're looking for in applicants:
Sony Corporation of America (SCA) is seeking a Director of Vulnerability Management Engineering, to join the Global Information Security and Privacy organization in Northern Virginia area. This position will report to the Senior Director, Security Engineering, and be a part of the team responsible for establishing a unified enterprise security architecture to secure Sony's information assets, services, and the products that depend on them, building trust with customers and stakeholders, and protecting the privacy of Sony's customers and employees.
Unify and enhance Sony's global information security architecture, to include a cohesive vulnerability management strategy encompassing all Sony Group companies
Serve as a technical security subject matter expert and advisor for global information security priority initiatives
Lead multiple teams of highly technical engineers and developers, providing thought leadership, career development, mentorship, and technical guidance
Oversee the development of vulnerability management systems, initiatives, integration, and technical assessment support
Lead teams and coordinate efforts or initiatives for penetration testing, system and application vulnerability management, overall technical risk assessments, and hunting operations
Develop and refine global information security technical standards, guidelines, and training
Support coordination of budgetary planning activities for Sony Group company expenditures related to information security tools and services, to include leadership of enterprise mid-range planning activities
Support the management, planning and execution of the global security engineering budget
Assemble and lead diverse sets of information security experts and stakeholders in the formulation of unified information security requirements and architecture standards for Sony's most critical global projects and contracts
Serve as a subject matter expert performing intra-company advisory services related to security architecture strategy and technology implementation
So if you have "expert-level knowledge of advanced persistent threats" and these other qualifications, then Sony wants to hear from you.
Minimum of ten (10) years of experience in information security
Minimum of five (5) years of experience in penetration testing/red teaming
Master's degree in an appropriate field, such as Computer Science, or equivalent experience
Experience developing and refining threat-informed defense-in-depth security architectures
Expert-level knowledge of prevalent operational security tactics and techniques (vulnerability exploits and countermeasures, remote access trojans and related persistence techniques, social engineering, etc.)
Expert-level knowledge of advanced persistent threats
Exceptional communication and advocacy skills, both verbal and written, with the ability to express complex and technical issues in clear and concise language
Ability to collaborate and communicate effectively and tactfully with both business-oriented executives and technology-oriented personnel
Ability to negotiate compromise between diverse parties with competing equities
Ability to work independently in unstructured situations
Rossalyn Warren is a senior reporter for BuzzFeed News and is based in London.
Contact Rossalyn Warren at email@example.com.
Got a confidential tip? Submit it here.