- Directs and executes the Vulnerability Management component of the company's Threat Management program. Helps determine the program's overall direction and executes its steps, including: integrating with the Information Technology (IT) engineering and operations functions; influencing internal systems operations and administration teams throughout the company; serving as a subject matter expert in vulnerability management to our systems architecture teams on design and requirements questions; and facilitating both internal and third-party penetration testing activities and vulnerability remediation processes. Performs software risk assessments of proposed elements entering our environment.
Primary Responsibilities:
- Administers vulnerability scanning tools.
- Identifies security vulnerability owners and generates actionable reports.
- Works with infrastructure and application teams to provide remediation guidance.
- Collaborates with internal partners to facilitate remediation processes.
- Automates vulnerability scanning operations.
- Develops metrics and dashboards for reporting on environment risk and remediation progress.
- Participates in the incident response and investigation process.
- Participates in special projects and performs other duties as assigned.
- Knowledge of vulnerability tracking sources, including the OWASP Top Ten and CVE databases.
- Knowledge of security monitoring and incident response.
- Excellent problem solving and analytical skills.
- Ability to communicate with employees at all levels of the organization.
- Ability to work with multidisciplinary and cross-functional teams.
- Ability to multi-task and work independently with minimum supervision to meet tight deadlines.
- Highly motivated team player to ensure that security risks are effectively identified and addressed.
- Excellent communication and presentation skills, and strong interpersonal skills.
Education and Experience:
- Bachelor’s degree in Computer Science, Information Security, or related discipline or commensurate job experience.
- Minimum of 5+ years of vulnerability assessment experience.
- At least 5+ years of work experience in hands-on security assessments.
- Preference will be given to those with one or more of the following technical certifications:
  - GIAC Certified Incident Handler (GCIH)
  - GIAC Certified Forensic Analyst (GCFA)
- Additional security certifications not listed will be considered.
Job Type: Full-time
- Management: 2 years (Required)
- Arlington, VA (Preferred)