Vulnerability Management Analyst

Date Posted: 
Wednesday, June 20, 2018 to Friday, June 29, 2018
Job Type: 
Full Time
Job Location: 
Rockville, MD


Description: ASSYST's county government customer is expanding their Information Security program. Our Information Assurance and Cyber Security Practice is seeking a qualified Vulnerability Management Analyst to support this customer requirement. ASSYST is currently managing Cyber initiatives for various customers including Federal, State and Local governments. Our end-to-end services cover architecture, design, policy, monitoring, detection, remediation, compliance, awareness and training.

As a member of the Enterprise Information Security Office’s (EISO) Vulnerability Management Team (within DTS), the Vulnerability Management Analyst will play a lead role in the support and maintenance of the Vulnerability Management Program by providing security oversight of the County’s network(s) through monitoring/investigating potential security vulnerabilities utilizing the County’s security scanning and analysis tools.



  • The analyst will be responsible for configuring and maintaining vulnerability assessment tools, as well as performing scans, researching and analyzing vulnerabilities, identifying relevant threats, recommending corrective actions, and summarizing and reporting results.
  • The analyst will be responsible for understanding approaches for addressing vulnerabilities including system patching, deployment of specialized controls, code or infrastructure changes, changes in development processes, cloud and mobile devices. 
  • The chosen individual will develop and produce metrics and reporting on the state of system security, threat, vulnerability, and patch management.
  • The analyst will deliver security training and education to technical/business staff within findings and will act as an internal security consultant to advise or influence business or technical partners. 
  • The analyst will manage the tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology developers and support teams.
  • Will assess risk and recommend appropriate policy, standards, process and procedural updates as part of comprehensive remediation solutions.
  • He/She will be the primary point person for written/verbal communications associated with the Vulnerability Management Program.


Specific Areas:

  • QualysGuard Administration – administration of the QualysGuard vulnerability management tool, including but not limited to appliances, assets, scans, reports, and dashboards.
  • Vulnerability/Threat Metrics – formal documentation of metrics depicting the state of system security, threat, vulnerability and patch management
  • Vulnerability Mitigation Recommendations – formal documentation of recommendations for addressing vulnerabilities including system patching, deployment of specialized controls, code or infrastructure changes, changes in development processes, cloud and mobile devices.
  • Helpdesk Tickets – creation/management of all vulnerability related Helpdesk tickets through resolution/mitigation via Remedyforce and/or Zendesk.
  • Documentation – tracking procedures and changes within the vulnerability management infrastructure pertaining to but not limited to assets, report scheduling and inventory scanning.



  • Bachelor's Degree in Computer Science, Engineering or Management 
  • Minimum of five (5) years practical experience in managing and operating enterprise level vulnerability assessment and configuration assessment tools. 
  • Experience in managing and operating Qualys, Rapid7 or Nessus vulnerability assessment/management tools on an enterprise level.
  • He/she will have prior experience with planning, developing, and executing vulnerability scans, reports, and dashboards. 
  • The candidate will have a working knowledge of operating systems such as UNIX/Linux and Microsoft Windows, and applications such as Google Chrome, Oracle Java, and Adobe Acrobat.
  • He/she will possess excellent analytic skills and the ability to identify/remove false positives from assessment results, identify/document threat/vulnerability trends, and recommend/implement compensating controls and/or corrective actions.
  • The ideal candidate will possess excellent written, verbal, and presentation skills. 
  • The candidate will have demonstrated the ability to communicate at peer, business and executive levels from both a technical and layman’s perspective.



We are proud to offer a robust benefits package including medical, dental, vision, 401(k) retirement plan, employee stock ownership plan, disability insurance, flexible spending accounts and more in order for our employees to maintain a secure work/life balance.  


ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, military status, national origin or any other characteristic protected under federal, state, or applicable local law.

Shafeeq Rahman