BuzzFeed News

Reporting To You


Sony Posted A "Director Of Vulnerability Management" Job Opening

If you have "expert-level knowledge of advanced persistent threats", then Sony wants to hear from you.

Posted on December 23, 2014, at 6:12 a.m. ET

After weeks of dealing with the aftermath of being hacked – making a trove of confidential and embarrassing information public – Sony advertised for a "Director of Vulnerability Management" on their official website.

The job was posted on their website on December 19. Here is what they're looking for in applicants:

Sony Corporation of America (SCA) is seeking a Director of Vulnerability Management Engineering, to join the Global Information Security and Privacy organization in Northern Virginia area. This position will report to the Senior Director, Security Engineering, and be a part of the team responsible for establishing a unified enterprise security architecture to secure Sony's information assets, services, and the products that depend on them, building trust with customers and stakeholders, and protecting the privacy of Sony's customers and employees.

Unify and enhance Sony's global information security architecture, to include a cohesive vulnerability management strategy encompassing all Sony Group companies
Serve as a technical security subject matter expert and advisor for global information security priority initiatives

Lead multiple teams of highly technical engineers and developers, providing thought leadership, career development, mentorship, and technical guidance

Oversee the development of vulnerability management systems, initiatives, integration, and technical assessment support

Lead teams and coordinate efforts or initiatives for penetration testing, system and application vulnerability management, overall technical risk assessments, and hunting operations

Develop and refine global information security technical standards, guidelines, and training

Support coordination of budgetary planning activities for Sony Group company expenditures related to information security tools and services, to include leadership of enterprise mid-range planning activities

Support the management, planning and execution of the global security engineering budget

Assemble and lead diverse sets of information security experts and stakeholders in the formulation of unified information security requirements and architecture standards for Sony's most critical global projects and contracts

Serve as a subject matter expert performing intra-company advisory services related to security architecture strategy and technology implementation

So if you have "expert-level knowledge of advanced persistent threats" and these other qualifications, then Sony wants to hear from you.


Minimum of ten (10) years of experience in information security

Minimum of five (5) years of experience in penetration testing/red teaming

Master's degree in an appropriate field, such as Computer Science, or equivalent experience

Experience developing and refining threat-informed defense-in-depth security architectures

Expert-level knowledge of prevalent operational security tactics and techniques (vulnerability exploits and countermeasures, remote access trojans and related persistence techniques, social engineering, etc.)

Expert-level knowledge of advanced persistent threats

Exceptional communication and advocacy skills, both verbal and written, with the ability to express complex and technical issues in clear and concise language

Ability to collaborate and communicate effectively and tactfully with both business-oriented executives and technology-oriented personnel

Ability to negotiate compromise between diverse parties with competing equities

Ability to work independently in unstructured situations