Analyst, Vulnerability Management - Scaleneworks
Fort Worth, TX
About the Job
Description:
Specifically, you ll do the following:
Performs discovery scanning via the Vulnerability Management Platform (scheduled and ad-hoc)
Performs Vulnerability Risk assessments to prioritize critical vulnerabilities
Provides gap analysis to compare the list of known resources so gaps can be investigated and owners identified
Identifies resource types (e.g. router, desktop computer, server, network switch, firewall, etc.), operating systems, and whether active services are "Enterprise" level
Provide guidance and recommendation to engineers and developers on how to remediate security vulnerabilities
Populates data visualization tool (such as Tableau, Nucleus, etc.) for reporting vulnerability metrics by system and owner
Qualifications
Required Qualifications
Bachelor s degree in Computer Science, Computer Engineering, Technology, Information Systems (CIS/MIS), Engineering or related technical discipline, or equivalent experience/training
3 years of hands-on technical security engineering experience
Certifications: CISSP, CISM, CISA, CEH, GCIH, GSEC, GCFA, GREM, CCENT
Ability to install, configure, troubleshoot, and administer VM Platform(s). (Ex.Tanium, Tenable, Coverity, Brinqa, etc.)
Experience with Tanium programming or creating custom configurations within Tanium
Experience with dynamic and static code analysis experience (e.g. QualysWAS, SAST tools, Tenable)
Experience with security configuration checklists (e.g. CIS Benchmarks and CSA security guidance)
Familiarity with NIST Special Publications (e.g. 800-171,800-53, CSF)
Familiarity with PCI DSS Compliance standards and scanning practices
Ability to code and script Python, SQL, BASH, or PowerShell
Ability to configure and use technical assessment tools such as Tanium Comply and Tenable Nessus
Deep understanding of the technical architecture of IT systems built using Windows, UNIX, Linux, Solaris, VMware, Citrix, Oracle, and MySQL platforms
Experience and knowledge in cloud and Kubernetes environments. (Azure Kubernetes Service, IBM Kubernetes service, Oracle Cloud Infrastructure, etc..)
Experience in DevOps Toolchain methodologies, including Continuous Integration and Continuous Deployment
Preferred Qualifications
5+ years of hands-on technical security engineering experience
Ability to explain technical concepts and adjust messaging based on the audience, including non-technical groups; strong
presentation and technical documentation skills
Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills
Ability to work well within a team environment, as well as independently
Performs discovery scanning via the Vulnerability Management Platform (scheduled and ad-hoc)
Performs Vulnerability Risk assessments to prioritize critical vulnerabilities
Provides gap analysis to compare the list of known resources so gaps can be investigated and owners identified
Identifies resource types (e.g. router, desktop computer, server, network switch, firewall, etc.), operating systems, and whether active services are "Enterprise" level
Provide guidance and recommendation to engineers and developers on how to remediate security vulnerabilities
Populates data visualization tool (such as Tableau, Nucleus, etc.) for reporting vulnerability metrics by system and owner
Qualifications
Required Qualifications
Bachelor s degree in Computer Science, Computer Engineering, Technology, Information Systems (CIS/MIS), Engineering or related technical discipline, or equivalent experience/training
3 years of hands-on technical security engineering experience
Certifications: CISSP, CISM, CISA, CEH, GCIH, GSEC, GCFA, GREM, CCENT
Ability to install, configure, troubleshoot, and administer VM Platform(s). (Ex.Tanium, Tenable, Coverity, Brinqa, etc.)
Experience with Tanium programming or creating custom configurations within Tanium
Experience with dynamic and static code analysis experience (e.g. QualysWAS, SAST tools, Tenable)
Experience with security configuration checklists (e.g. CIS Benchmarks and CSA security guidance)
Familiarity with NIST Special Publications (e.g. 800-171,800-53, CSF)
Familiarity with PCI DSS Compliance standards and scanning practices
Ability to code and script Python, SQL, BASH, or PowerShell
Ability to configure and use technical assessment tools such as Tanium Comply and Tenable Nessus
Deep understanding of the technical architecture of IT systems built using Windows, UNIX, Linux, Solaris, VMware, Citrix, Oracle, and MySQL platforms
Experience and knowledge in cloud and Kubernetes environments. (Azure Kubernetes Service, IBM Kubernetes service, Oracle Cloud Infrastructure, etc..)
Experience in DevOps Toolchain methodologies, including Continuous Integration and Continuous Deployment
Preferred Qualifications
5+ years of hands-on technical security engineering experience
Ability to explain technical concepts and adjust messaging based on the audience, including non-technical groups; strong
presentation and technical documentation skills
Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills
Ability to work well within a team environment, as well as independently
| Glider Assessment Required? |
Additional Details
- Glider Assessment Required? : No
- Glider Assessment Name (If Applicable) (drop down) : N/A
- Does Contractor Need Their Own Laptop? : Yes
- Laptop Specs : Power laptop
Source : Scaleneworks