About The Company

About Pagoda

Pagoda is shepherding a future where NEAR becomes the blockchain operating system. We believe that re-inventing how software is made and distributed is our greatest opportunity to open economic access to those who are not fully integrated into the global economy. Our products empower people to find opportunity, invent new experiences, and collaborate. Let's build an Open Web world. A world where people control their assets, data, and power of governance.

We encourage people of all backgrounds to apply. Pagoda is committed to creating an inclusive culture, and we celebrate diversity of all kinds.

Job Short Description

About The Role

Pagoda’s growing security team is looking for a Senior Security Engineer to join our team and lead the establishment of a robust Vulnerability Management program. This position will be primarily responsible for designing, implementing and maintaining the vulnerability management program.  With experience across information security, with a proven track record of implementing security programs in complex environments you will be a valuable member of the team.

What You'll Be Doing

• Design, implement, and maintain a comprehensive vulnerability management program across the organization
• Develop & maintain vulnerability management services, including vulnerability scanning, vulnerability assessments, and tracking support for vulnerability remediation
• Build and maintain policies, standard procedures and guidelines for vulnerability management
• Conduct regular vulnerability scans, analyze results, and prioritize remediation efforts based on risk and impact
• Prioritize remediation tasks based on risk level, assign them to the relevant system owner, and monitor progress until completion
• Apply root cause analysis to identify and assess problems and key drivers of success, draw potential conclusions from complex data sets
• Stay up-to-date with emerging threats and vulnerabilities and adjust the vulnerability management program as needed to address new risks
• Generate ad hoc metrics and reports as requested, providing insight into the vulnerability management program's effectiveness
• Stay aware of current business and industry trends relevant to the business and cybersecurity
• Develop and document processes and procedures for team members to use and to enhance efficiencies
• Provide subject matter expertise and guidance to stakeholders across the organization on vulnerability management best practices

What We're Looking For

• Bachelor’s Degree or industry equivalent work experience in vulnerability management 
• 8-10 years experience in information security 
• Experience in establishing and implementing a successful vulnerability management program from the ground up
• Solid experience in information security with a focus on vulnerability management
• Strong technical knowledge of vulnerability scanning tools, vulnerability assessment methodologies, and industry-standard security frameworks (eg. NIST, CIS)
• Knowledge of Wiz, Eumeric, Tenable or Rapid7
• Understanding of vulnerability management processes and lifecycle
• Ability to conduct root cause analysis against vulnerabilities and determine feasible technical solutions
• Strong analytical and problem-solving skills, ability to prioritize and manage multiple tasks and projects  
• Ability to examine issues both strategically and analytically
• Strong communication skills and ability to work with cross-functional and remote teams
• Ability to contribute to other Information security tasks and duties as required

We'd Love If You Have

• A passion for security and Web3
• Experience in a start-up environment
• Professional certifications such as CISSP, CISM, or SANS GIAC 
• Familiarity with using one or more programming/scripting languages (e.g., Python, Java, etc.)

Here’s What Our Interview Process Looks Like

Depending on calendar availability, from the first stage to the final stage, we do our best to keep the entire process to under three weeks. Our interviews take place via Zoom and typically consists of the following stages:

• Internal Recruiter Call (30 minutes)
• Meet with the Hiring Manager (45 minutes)
• Technical Interviews (2 x 60 minutes)
• Vulnerability Management Presentation (45 minutes)
• Pagoda Values Interview (30 to 45 minutes)

Please let us know if you require any special requirements for your interview and we’ll do our best to accommodate.

Ideal Location For This Role

This is a fully remote role, so that your timezone matches or overlaps with our leadership for this role, you’ll ideally be located in North America.

Compensation

The base salary range for this role is $165,750 - $195,000. This reflects the minimum and maximum range across all US locations. This does not include bonus, incentives, or benefits.

The actual base pay is dependent upon many factors, such as: leveling, relevant skills, and work location. If you are based outside of the US, we do have other geographic considerations that may impact your final compensation. Your recruiter can share more about the compensation and benefits applicable to your preferred location during the hiring process.