Serves as a subject matter expert in systems and network security vulnerability management. Provides technical guidance in certifying and recertifying installed systems using Tenable Security Center.
Communicates with the Incident Response Team via meetings, emails, and conferences to validate and address compliance findings in a timely manner, maintaining the high standards of the vulnerability management program. Interprets internal and external security scan results, prioritizes vulnerabilities, eliminates false-positives, and either performs or recommends corrective actions to remediate vulnerable systems and applications. Creates and maintains dashboards for the presence of both high priority and imminent vulnerabilities in the enterprise environment. Supports the customer ISSO on compliance activities and inquiries when necessary.
Coordinates communication of vulnerabilities for multiple Divisions, then validates and tracks remediation. Provides guidance, assistance, and coordination to systems developers, systems administrators, and other specialists to ensure the proper and timely implementation of information systems security standards and vulnerability remediation for both systems under development and deployed production systems.
Conducts security controls assessments for new and existing systems and networks. Recommends new or revised security measures and countermeasures for current security challenges.
Develops standard operating procedures and/or user guides that provide detailed instructions for implementing information systems security controls. Creates and maintains as-built system documentation, architecture diagrams, and online collaborative documentation such as a Wiki page, as they relate to the vulnerability management program.
Determines security modes of operation and the need for new or updated guidelines based on policy and technology changes. This includes the requirement to anticipate the need for changes to avert potential exposure and gain management acceptance of new policies.
Monitors, evaluates, and reports on the status and condition of information systems security programs, controls, and implementation throughout the environment, and directing corrective actions to eliminate or reduce risks. This requires in-depth analysis of systems development plans to ensure that security requirements and specifications are adequately defined and that security features are sufficiently rigorous to protect systems throughout the systems life cycle.
Additionally, as a member of the Incident Response Team, the IT Security Specialist responds to systems and network security incidents, e.g., system compromise, loss of confidentiality, authentication problems, etc. Analyzes incident reports, interviews end-users and system owners as needed, isolates potential sources, and recommends solutions to the supervisor.
Remediates security vulnerabilities in response to security incident reports, identifies and isolates problem sources and corrects problems as necessary. Evaluates new and improved security technologies and recommends adoption of new technologies that have the potential to enhance current capabilities.
Bachelor's degree in a related technical field is preferred. Prefer a minimum of ten (10) years of IT experience in systems administration and vulnerability management.
A minimum of five (5) years of the experience must entail network security and vulnerability management experience. Knowledge of information systems security principles and methods, the requirements for certification and accreditation of systems testing and evaluation, and performance management methods. Knowledge of test and assessment methods to evaluate security authentication technologies. Knowledge of network operations and protocols, and development life cycle management.
Must have expert level hands-on experience demonstrated within the last five years administering and operating an enterprise implementation of Tenable Security Center; Hands-on experience with running scans, validating findings, interpreting results, generating and disseminating reports to multiple parties, and facilitating remediation; Experience with Incident Response.
Certifications: CISSP certification acquired within 1 year
Security Clearance: Ability to obtain Level 2 Secret (ANACI) clearance
Aac Asssociates Inc