Technical Security Engineer-Vulnerability Mgt. - Sterling, VA - Georgia IT Inc.

Job Title: Technical Security Engineer-Vulnerability Mgt.
Location: Sterling, VA
Position Type: Full time (Direct Hire)
Work Status: US Citizen/Green Card
Interview Process: Phone, then Face to Face
Salary: $120 - $125K (DOE)

Overview:
The Vulnerability Management - Technical Security Engineer will be responsible for configuring vulnerability assessment tool(s), performing scans, analyzing vulnerabilities, identifying relevant threats, recommending corrective actions, and summarizing results. Recommended corrective actions may include vendor patching, deployment of specialized controls, code or infrastructure changes, and improvements in development processes. The Vulnerability Management - Technical Security Engineer will collaborate with a variety of teams, including IT Security operational and engineering teams, application and infrastructure teams (both engineering and operational), and tool support teams to ensure corrective actions are developed and deployed on a timely basis.

Responsibilities:

• Management of Vulnerabilities (scanning, identification, analysis, impact assessment, prioritization and remediation) from Dynamic, Static and Infrastructure scanners.
• Develop and execute custom scripts to validate automated scan findings to minimize false positives and other "noise , as well as identify impacted systems for new vulnerabilities that are reported from external threat feeds.
• Monitor for and review vendor patches for applicability and impact our network and systems.
• Facilitate proactive remediation of new vulnerabilities by collecting information from threat and vulnerability feeds, analyzing the impact/applicability to our computing environment and communicating applicable vulnerabilities and recommended corrective actions to impacted teams.
• Automate integration of vulnerability threat feeds, as well as Dynamic, Static and Infrastructure scan results with IT Security GRC management solution.
• Manage risk by analyzing technology security threats and potential impacts to our systems and help define solutions to mitigate exposure by leveraging expert analytical and technical skills.
• Manage vulnerability scanning tool infrastructure, policies, configurations.
• Generate reports/dashboards on vulnerability findings and remediation compliance, and summarize information to facilitate remediation tasks.
• < >Experience in at least two of the following: Application Development, scripting languages (including Python, Perl) and using web APIs to connect vulnerability and risk assessment tools.
• Must have in-depth knowledge of managing vulnerabilities, including scanning and identifying vulnerabilities, understanding how they can be exploited, manually validating/reproducing automated findings, removing false positives and serving as a subject matter expert in communicating vulnerability information to technical and business stakeholders.
• Linux/Unix operating system (CentOS or RedHat Linux).
• Understanding of enterprise architecture (network and infrastructure).
• Required ability to effectively collaborate with and influence others to modify their opinions, plans, or behaviors.
• Solid understanding of information security policies, standards and industry best practices.
  
  Education/Experience:
• CISSP, CISA or equivalent certification(s).
• Minimum Bachelors degree in Information systems or related field or an equivalent combination of education and work experience.
• Minimum 5 years experience in systems development (API development a plus)
• Minimum 3 - 5 years of hands-on technology risk, security and/or governance experience.