What You'll Do
- Support identification of vulnerabilities by enhancing vulnerability identification at process and technology level.
- Own, manage, and mature infrastructure vulnerability scanning process and tools and align with vulnerability identification KPIs.
- Support identification, triaging, assignment and remediation of vulnerabilities ensuring that vulnerability management lifecycle is followed.
- Timely respond to security threats by collaboration with other security teams and provide effective remediation solution complemented by compensatory controls.
- Provide data driven insights into improvement opportunities for infrastructure vulnerability management process.
- Prepare reports for technical teams, compliance deliverables and executive management highlighting current status of infrastructure from vulnerability management perspective.
- Work with engineering teams for effective patch management by providing highly customized reports and vulnerability metrics.
- Provide support for infrastructure penetration testing.
- Drive the remediation process to ensure vulnerable assets are patched or remediated within agreed SLAs
- Proactively research new methods, tools, and strategies to effectively identify vulnerabilities
What you’ll need
- 5+ years working in security and advanced level of understanding regarding systems security at both technical and procedural level
- Advanced level of understanding of infrastructure vulnerability scanning tools
- Understanding (technical aspects of) penetration testing and results (including scoping and organizing of pentests, use of vulnerability scanners, vulnerability management tools) and basic knowledge of web application vulnerabilities and standards
- Good understanding of IT fundamentals across networking (such as DNS, SNMP, DHCP, IPSEC etc.), system, and application layers
- Excellent interpersonal and communication skills in order to share knowledge and to communicate effectively with different stakeholders (IT and business partners)
- Demonstrate a strong interest and understanding of general network security concepts.
- Ability to understand technical manuals, online technical documentation, software specifications, and systems software operations.
What’s nice to have
- Relevant industry certification
- Excellent leadership, interpersonal, motivation skills and a team player attitude
- Experience managing a bug bounty program
Meet your team
We’re Information Security. We protect TomTom’s infrastructure, applications, employees and customers. We work alongside Enterprise IT, Commercial IT, Legal, Finance and HR to minimize risk and increase resilience across the business. We take an intelligence-driven approach, relying on innovative commercial and open-source solutions to proactively identify vulnerabilities and contain threats. On our team, you’ll help secure a safe, connected, autonomous world that is free of congestion and emissions.
We are self-starters who play well with others. Every day, we solve new problems with creativity, meet new people and learn rapidly at our offices around the world. We will invest in your growth and are committed to supporting you. In everything we do, we’re guided by six values We care, putting our heart into what we do; we build trust (you can count on us); we create – driven to make a difference; we are confident, but don’t boast; we keep it simple, since life is complex enough; and we have fun because life’s too short to be boring.
After you apply
Our recruitment team will work hard to give you a meaningful experience throughout the process, no matter the outcome. Your application will be screened closely and you can rest assured that all follow-up actions will be thorough, from assessments and interviews through your onboarding.
TomTom is an equal opportunity employer
We celebrate diversity, thrive on each other’s differences and are committed to creating an inclusive environment at our offices around the world. Naturally, we do not discriminate against any employee or job applicant because of race, religion, color, sexual orientation, gender, gender identity or expression, marital status, disability, national origin, genetics, or age.
Ready to move the world forward?