Our team is dedicated to safeguarding the MathWorks network, encompassing both the infrastructure and application deployment pipelines across on-premises and cloud environments. As a vital component of the Information Security team within the broader IT organization, we play a crucial role in supporting the internal MathWorks environment. Our core mission is to maintain the organization's safety by proactively identifying, mitigating, and reducing cybersecurity risks. Through our efforts, we ensure the integrity, availability, and confidentiality of our systems and data, thereby enabling MathWorks to continue its industry-leading work without interruption.

Responsibilities

In this role, you will be instrumental in enhancing the security posture of MathWorks by focusing on comprehensive vulnerability management across our network, including infrastructure, applications, and cloud environments. You will:

• Enhance and expand vulnerability scanning across MathWorks' business applications, infrastructure (servers, containers), CI/CD pipelines, and third-party components.
• Lead operational vulnerability management activities, including scanning, triage, and response, especially for expanded scopes and cloud platforms, ensuring compliance.
• Assist in cloud-native application security projects.
• Automate vulnerability management workflows to increase efficiency and repeatability.
• Collaborate with IT and development teams to integrate security practices into the development lifecycle, to enhance DevSecOps capabilities.
• Develop and refine security procedures to reflect best practices in vulnerability management and cloud-native security capabilities.

This role has an emphasis on both operational and strategic elements of vulnerability management and cloud-native security efforts.

Minimum Qualifications

• A bachelor's degree and 10 years of professional work experience (or equivalent experience) is required.

Additional Qualifications

Required Knowledge and Education:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Understanding of compliance standards (ISO, CMMC, SOC 2, etc.).
• Knowledge of cloud computing platforms (AWS, Azure, GCP), including cloud security best practices.
• Familiarity with cloud-native application security protocols and best practices.
• Knowledge of DevSecOps principles and securing development pipelines.

Required Experience and Skills:

• Experience in information security, specifically in vulnerability management, cloud security, and application security.
• Proven experience with vulnerability scanning tools and operational management in diverse environments.
• Hands-on experience with Cloud-Native Application Protection Platforms (CNAPP), Cloud Posture Management Platforms (CSPM), or similar.
• Skill in automating security processes and workflows for improved efficiency and repeatability.
• Experience implementing security processes within CI/CD pipelines for cloud-native applications.
• Strong analytical skills and the ability to work independently on complex security tasks.