Full-Time Jr. Vulnerability Assessment Analyst

We are looking for a Jr. Vulnerability Assessment Analyst with project lead experience and hands-on engineering experience. The Vulnerability Assessment Analyst will be responsible for the planning, implementation, maintenance, and support of the vulnerability management program for a state-level department of IT.

Duties and Responsibilities:

• Daily oversight of vulnerability management program
• Serve as liaison between Security Assessment and Security Operation Center (SOC) functions on matters pertaining to vulnerability scanning for security assessment efforts
• Plan, execute, monitor, control, and successfully close vulnerability management projects/tasks
• Configure and schedule patch and secure configurations audit scan jobs (vulnerability scans)
• Maintain configurations of patch and secure configurations scan jobs, i.e., asset lists, scan plugins, STIGs audit files, CIS Benchmarks audit files, and scan credentials
• Troubleshoot and resolve failed patch and secure configurations scan jobs, i.e., missing credentials, asset list updates, firewall issues
• Analyze patch and secure configurations audit scan results and identify and document technical and procedural vulnerability findings
• Research resolution strategies/measures for identified vulnerability findings and provide remediation/mitigation recommendations
• Identify false positive findings and determine and advise on the criteria for validating the findings i.e., required artifacts
• Prepare vulnerability management reports on the status of patch and secure configuration audit scans and associated remediation efforts
• Communicate status vulnerability management efforts to include regular scheduled reports and as well as ad hoc reports
• Ensure the vulnerability management platform maintains updated versions of secure configurations scans audit files i.e., proprietary vendor audit files, STIGs audit files, CIS Benchmarks audit files
• Ensure that vulnerability management services are operating as expected i.e., completeness of the of each scope scan jobs, timely completion of scan jobs, up-to-date patch audit plugins
• Ensure proper functioning of integrations between the vulnerability management platform and other tools such as asset management and risk management platforms
• Ensure and data updates from vulnerability management platforms to asset management and risk management platform are running as scheduled
• Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
• Development and implementation operational and technical vulnerability management policies
• Defining, developing, implementing, and processes and procedures for to support and maintain vulnerability management program

Education and Years of Experience:

• At least five (5) years of experience with NIST Risk Management Framework (RMF) supporting technical assessment (vulnerability scans) of control implementations and continuous monitoring post-system Authority to Operate (ATO)
• At least three (3) years of hands-on experience in LAN Administration i.e., Hands-on administration of Windows OS and Linux OS, and hands-on basics administration of routers, switches, and firewalls.
• At least two (2) years of hands-on experience with Tenable Security Center/ Nessus Scanners i.e., creating, maintaining, and running scan jobs and analyzing scan results
• At least two (2) years of hands-on experience executing, monitoring and controlling, and closing security assessment projects

Associates or bachelor’s degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering or related scientific or technical discipline.

Ability to work outside of regular business hours, the role may require on-call support after regular business hours or weekends.

Required Skills/Certifications:

• At least 1 security management industry certifications such as Sec+, CySA+, etc.
• Self-starter, able to gather requirements, plan, execute system deployment efforts.
• Able to perform conduct vulnerability assessment of technical security controls, identify and validate findings, research resolutions, and provide remediation/mitigation recommendations.
• LAN administration experience, particularly with Windows OS and Linux OS.
• Experience with the vulnerability management tools such as Tenable Security Center/Nessus Scanners, Web Inspect, DB Protect etc.
• Experience with Governance, Risk, and Compliance (GRC) platforms such as RSA Archer, ServiceNow GRC, CSAM

Customer-oriented with excellent issue follow-through and resolution abilities. Excellent written and oral communication, and presentation skills. Ability to effectively work both autonomously as well as on a team. Outstanding interpersonal skills, strong work ethic, and self-motivated. Utilize tools and analytical skills to plan and execute technical changes. Relevant industry certification. Integres offers competitive salaries bolstered by a comprehensive benefits package.

What is the last date for applying to the job?

Which countries are accepted for this remote job?