• Work with various internal business customers to coordinate, conduct, and tune network and system vulnerability scans prior to deployment and when those systems are modified within pre-production and production environments.
• Differentiate between vulnerabilities that are meaningful to the assessment and those that are not
• Identify development opportunities for correlating scan data using the functionality exposed by the tools' APIs
• Manage the administration and logistics of network vulnerability assessments including working knowledge of firewalls and problem solving to identify issues when they arise
• Coordinate, manage, and track remediation of identified vulnerabilities with system administrators, system owners, and IT support staff through meaningful metrics.
• Formally document and establish well-defined processes, procedures, remediation and mitigation strategies, and lessons learned from the application of system compensating controls.
• Consult on and provide technical reviews for strategic initiatives and internal programs as an enterprise vulnerability management analyst.
• Support the sustainment and operations of vulnerability assessment infrastructure through refresh initiatives and annual planning; work with vendors of the tools in use to obtain future enhancements and sought-after functionality
• Advanced knowledge of systems, firewalls, vulnerabilities, and secure software development; experience conducting vulnerability scans and interpreting results for IT staff and leadership.
• Possess technical knowledge of cross-site scripting, SQL injection, certificate hijacking, and related attacks; understanding of secure coding practices, system STIGs, and the effects of application hardening; hands-on experience with databases, web servers, and active web content; ability to correlate application security events with the underlying systems to assess overall system risk posture.
• Knowledge of secure development techniques including OWASP Top 10, tools, and methodologies.
• Ability to develop and report enterprise-level metrics for vulnerabilities and remediation progress.
• Ability to understand, demonstrate, and educate stakeholders on the real-world impact of threats exploiting vulnerabilities in a given environment.
• A firm understanding of information assurance, risk management, and IT security topics and the ability to communicate complex, technical concepts to technical and non-technical audiences.
• Excellent social, verbal, and written communication skills, with demonstrated ability to effectively present analytical data and technical concepts to a variety of technical and non-technical audiences
• Self-driven and fully accountable for independent effort performed as part of a geographically dispersed virtual team
• Able to effectively manage multiple customer requests, assessments and meet customer expectations within established service levels.
• Ability and willingness to accept direction, support leadership vision, and to serve as a point of contact directly supporting vulnerability assessments, system owners, and executives.
• Ability and willingness to share on-call responsibilities, work non-standard hours, and travel when required.
• Ability to attest to Code of Conduct and related Ethical Monitoring requirements
Desired Qualifications:
• Practical experience administering and configuring information systems
• Working knowledge of automated vulnerability assessment tools such as Tripwire IP360, Tenable Nessus, Qualys, HP WebInspect and similar tools.
• A deep understanding of remediation and mitigation techniques of system and application vulnerabilities on an enterprise scale