Full Time, Employee

Harrisburg PA

Collaborative Influence: works collaboratively with staff, agencies and peers to further enterprise initiatives and objectives.

Embraces Challenge: operates as a change agent in the enterprise by continually seeking ways to improve how services are offered in a cost-effective manner. Embraces change opportunities while encouraging staff to do the same.

Earns Trust: operates in a trustworthy manner such that they earn the trust of their peers, their staff, and the enterprise.

Enables Performance: enables the objectives of peers and agencies who have specific objectives to accomplish by removing barriers and enabling or improving key services.

Informed Judgement: makes decisions in situations where little information is available; the individual in this position should be comfortable making strategic decisions with the information currently at hand.

Thinks Horizontally: seeks to work horizontally across the enterprise to solve and prevent problems collectively and leverage the collective expertise contained in the organization.

Job Responsibilities:

  • The successful candidate manages vulnerabilities throughout the vulnerability management lifecycle for a NIST-based governance structure and provides risk-based feedback to organizational stakeholders regarding vulnerabilities discovered.
  • Prioritizes vulnerability management activities based on the criticality of systems/data/risk and prepares vulnerability reports for leadership on identified vulnerabilities and provides consultative expertise to key decision-makers.
  • Responsible for conducting vulnerability scans across hosts, desktop applications, and web-based applications. Conducts scans of information system configurations to ensure systems meet baseline requirements. Identifies gaps in patching and configurations.
  • Assesses the degree to which information systems are secure, patched, functioning as intended, and compliant with Commonwealth patching policies, local/state/federal laws, and other applicable governing bodies.
  • Identifies owners of vulnerable systems/services/applications, and works in partnership with them to initiate, track, and verify remediation of vulnerabilities or configuration issues. Escalates exception issues that cannot be remediated or escalates risk-based impediments to remediation to the appropriate Information Security or Risk Management teams. Recommends additional compensating controls as needed.
  • Uses a variety of industry standard vulnerability management tools from different vendors (Rapid7, Veracode, Tenable). Stays informed of developments and emerging technologies within the vulnerability management industry. Recommends enhancements to the vulnerability management program based on current trends and deficiencies within the environment.

  • Professional Vulnerability Management experience in large-scale environments – Required, 2 years
  • Experience with one or more industry standard vulnerability management tools from Rapid7, Veracode, Tenable, or an equivalently mature vendor – Required, 2 years
  • Professional oral and written communication skills – Required
  • Excellent soft skills such as empathy, listening, presenting, and negotiating – Required
  • Holds an Associate degree or higher in an Information Technology related field, OR an information security certification from the following list: https://en.wikipedia.org/wiki/List_of_computer_security_certifications

For more information about this position, an SGC representative will be in touch immediately.