Sr IT Security Specialist (Vulnerability Management) (052-19)

Aac Asssociates Inc Bethesda , MD 20813

Posted 2 months ago

Serves as a subject matter expert in systems and network security vulnerability management. Provides technical guidance in certifying and recertifying installed systems using Tenable Security Center.

Communicates with the Incident Response Team via meetings, emails, and conferences to validate and address compliance findings in a timely manner, maintaining the high standards of the vulnerability management program. Interprets internal and external security scan results, prioritizes vulnerabilities, eliminates false-positives, and either performs or recommends corrective actions to remediate vulnerable systems and applications. Creates and maintains dashboards for the presence of both high priority and imminent vulnerabilities in the enterprise environment. Supports the customer ISSO on compliance activities and inquiries when necessary.

Coordinates communication of vulnerabilities for multiple Divisions, then validates and tracks remediation. Provides guidance, assistance, and coordination to systems developers, systems administrators, and other specialists to ensure the proper and timely implementation of information systems security standards and vulnerability remediation for both systems under development and deployed production systems.

Conducts security controls assessments for new and existing systems and networks. Recommends new or revised security measures and countermeasures for current security challenges.

Develops standard operating procedures and/or user guides that provide detailed instructions for implementing information systems security controls. Creates and maintains as-built system documentation, architecture diagrams, and online collaborative documentation such as a Wiki page, as they relate to the vulnerability management program.

Determines security modes of operation and the need for new or updated guidelines based on policy and technology changes. This includes the requirement to anticipate the need for changes to avert potential exposure and gain management acceptance of new policies.

Monitors, evaluates, and reports on the status and condition of information systems security programs, controls, and implementation throughout the environment, and directing corrective actions to eliminate or reduce risks. This requires in-depth analysis of systems development plans to ensure that security requirements and specifications are adequately defined and that security features are sufficiently rigorous to protect systems throughout the systems life cycle.

Additionally, as a member of the Incident Response Team, the IT Security Specialist responds to systems and network security incidents, e.g., system compromise, loss of confidentiality, authentication problems, etc. Analyzes incident reports, interviews end-users and system owners as needed, isolates potential sources, and recommends solutions to the supervisor.

Remediates security vulnerabilities in response to security incident reports, identifies and isolates problem sources and corrects problems as necessary. Evaluates new and improved security technologies and recommends adoption of new technologies that have the potential to enhance current capabilities.

Required Skills

Bachelor's degree in a related technical field is preferred. Prefer a minimum of ten (10) years of IT experience in systems administration and vulnerability management.

A minimum of five (5) years of the experience must entail network security and vulnerability management experience. Knowledge of information systems security principles and methods, the requirements for certification and accreditation of systems testing and evaluation, and performance management methods. Knowledge of test and assessment methods to evaluate security authentication technologies. Knowledge of network operations and protocols, and development life cycle management.

Required Experience

Must have expert level hands-on experience demonstrated within the last five years administering and operating an enterprise implementation of Tenable Security Center; Hands-on experience with running scans, validating findings, interpreting results, generating and disseminating reports to multiple parties, and facilitating remediation; Experience with Incident Response.

Certifications: CISSP certification acquired within 1 year

Security Clearance: Ability to obtain Level 2 Secret (ANACI) clearance



icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Vulnerability Analyst

Triumph Enterprises

Posted 2 weeks ago

VIEW JOBS 10/29/2019 12:00:00 AM 2020-01-27T00:00 Job Description With employee ownership comes both responsibility and rewards. Beyond your technical expertise (outlined below), you must be resourceful, detail-oriented, and 100% client focused, with a continuing passion for your profession. The rewards of joining Triumph Enterprises will include competitive compensation, exceptional benefits, matching 401K, and professional/training development allowances that exceed many companies of larger size and stature. Triumph Enterprises is a "Best-in-Class" employer (as validated by HR Solutions). Built around four core values, our employees, managers and leadership team work collaboratively to grow and sustain a Triumph Culture where: * "Client focus" has earned the trust and loyalty of our valued clients. * "Integrity" has earned us a reputation for doing the right thing in all situations. * "Imagination" and innovation has created new and exciting opportunities for both our company and our people. * "Employee Engagement" has resulted in benefits, promotions from within, a balanced work environment, professional development/training, social opportunities, and a culture of empowerment where our employees are as equally valued as our clients. We are actively seeking a mid-level Information Security Vulnerability Analyst to join a Security Operations team on a contract with a federal government client. Responsibilities The successful candidate will work directly with the Client and support team members to: * Perform risk-based assessments of current and emerging information security issues to support the mission by prioritizing remediation efforts * Facilitate communication between the Information Security Program, client Information System Security Officers (ISSOs), and system owners to address security issues and resolve vulnerabilities in a timely manner * Align with and support the execution of the Information Security Program vision and strategy * Provide input into the development of security guidance, policies, and procedures * Develop and build excellent relationships with prospects, clients, and internal team members. * Experience in a rapid paced, time sensitive, high quality environment. * Strong problem-solving capabilities and the ability to effectively communicate solutions. * Ability to take direction and achieve quality results, independently strive for personal excellence when completing tasks. * Strong customer service focus to meet the needs of internal and external customers. * Professional, pleasant, and polished demeanor. * Ability to work collaboratively with others. * Ability to maintain confidentiality of sensitive information within and external to Triumph, using own judgment. * Strong eye for small details that make a difference. Qualifications / Requirements * Five or more years of professional work experience with at least three years specialized in cyber security * BA or BS degree (additional years of experience in cyber security reduce this educational requirement) * One or more certifications in information security (such as GCIA, GCIH, CEH, CISSP, SSCP, Sec+, etc.) * Sound cyber security knowledge foundation, to include understanding of * Computer and network technology fundamentals * Network security tools (proxies, IPS/IDS, firewall, and packet analyzers) * Host security (IPS/IDS, AV, etc.) * Security tools and technologies * Threat and vulnerability management * Knowledge of IT environments, information security, and privacy * Current and emerging information security exploits, threats, and vulnerabilities * Experience analyzing and evaluating network and security vulnerabilities * Understanding of current and emerging information security exploits, threats, and vulnerabilities * Excellent verbal and written communication skills and ability to build strong relationships with stakeholders at all levels * Demonstrated expertise with multiple Windows, Mac OS, and *nix operating systems * Scripting experience with Bash, Python, or Perl * Experience with SIEM tools Desired Elements * Ability to obtain a Public Trust clearance. * Proficient in MS Office (Word, PowerPoint, Excel) and MS Project * Proposal development experience * Experience with government contracting firms supporting the Federal government. Company Overview Triumph is an employee-owned information technology (IT) company specializing in Program Management, Administrative Services, and Network and IT Support Services. Incorporated in Virginia in 2005, Triumph has risen to meet the Federal Government's growing need for mission-critical Cybersecurity, Business Intelligence, Analytics, Data Visualization; and Program Management expertise and cultivated a track record of success. Our pursuit of excellence is driven by an emphasis on Client Focus, Integrity, Imagination, and Employee Engagement – the Core Values that motivate and inspire our leadership, business practices, and company culture. For more information on Triumph, visit http://triumph-enterprises.com/. Triumph participates in e-Verify. We provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 Form to confirm work authorization. Triumph is an equal opportunity employer and gives consideration for employment to qualified applicants without regard to race, color, religion, sex, national origin, disability, protected veteran status or any other status defined by law. Go to www.triumph-enterprises.com to learn more about Triumph. Triumph Enterprises Bethesda MD

Sr IT Security Specialist (Vulnerability Management) (052-19)

Aac Asssociates Inc