Job Details: Vulnerability Prog. Analyst - Senior


Job Title : Vulnerability Prog. Analyst - Senior
Job Ref No : 24481-1243
Job Posted Date : 1/5/2018
Job State : District of Columbia
Job City : Washington
Who Can Apply : US Citizens, GC, EAD, TN, H1B
No of Openings : 1

Job Description :


JOB ID: Vulnerability Prog. Analyst - Senior (521928).
Rate may vary depending on candidate preference for either W-2 (benefits or no benefits) or working through an LLC (limited liability corporation), which the candidate must have.
Location: Washington, DC
Years of experience: 11-15 + years experience.
Duration: 9/30/18 +
Number of positions: 1
Interviews: Either phone or in-person.

Job Description:
Vulnerability Management Program Manager (VMPM) responsible for implementation of a City Wide Vulnerability Management Program that will ensure IT System Vulnerabilities are found (through the use of Vulnerability Management Software) and remediated.

Major Duties:

The OCTO City of Washington DC, Vulnerability Management Program Manager (VMPM) is responsible for the implementation of a City Wide Vulnerability Management Program that will ensure IT System Vulnerabilities are found (through the use of Vulnerability Management Software) during cooperative routine scanning, on demand scanning, and as part of the Change Control Board (CCB) process. The VMPM will then work with system owners and stakeholders to remediate findings. The VMPM will develop intra and extra organizational communication, and implement the Policies, Processes and Procedures that support the Vulnerability Management Program. The outcome of these processes is that the VMPM will provide a District wide view of current and remediated vulnerabilities across all District Agency endpoints and servers and track the waiver and risk mitigation process.
Responsibilities/Duties:
Analyze current vulnerability management tools for network scanning and static code analysis and determine how to best leverage tools to support the Vulnerability Management Program.
Review new vulnerabilities as they are disclosed and perform proactive assessment of the environment for network, systems and applications as applicable.
Work with Server and Desktop engineers to develop and maintain baseline images.
Participate in the Change Advisory Board and represent the Go/NO-GO position for the CISO based on Vulnerability Management remediation.
Perform static code analysis using supplied tools on an as-required basis.
Perform network scanning using supplied tools on an as-required and scheduled basis.
Perform passive application assessments using supplied tools on an as-required and scheduled basis.
Prepare and deliver comprehensive assessments that explain risk, demonstrate findings, and offer tactical and strategic recommendations to stakeholders.
Provide weekly reports for inclusion in the District Cyber Security Report.
Coordinate and perform quarterly cooperative Agency Vulnerability Management and report results as appropriate.
Manage and maintain assessment platforms.

Specific Skills

Specific knowledge, skills, and abilities required by the incumbent to successfully fulfill the Major Duties and perform the Tasks required for this position include:
3-5 years demonstrated operational implementation and use of Rapid7, Nessus, or similar Network Scanning tools.
3-5 years demonstrated operational implementation and use of Application security assessment tools, e.g., Rapid7 Appspider, Trustwave, Fortify.
Demonstrated understanding of DEVOPS and SECDEVOPS as they apply to and support lifecycle development and secure coding techniques.
Able to explain Application vulnerabilities to programmers and application owners.

Education/Certification

B.A. or B.S. degree in Computer Science, Information Systems or 6 years of equivalent experience in a related field. This position requires a minimum of 5 years of experience.
At least 3 years of specialized experience in defining computer security requirements for high-level applications, evaluating approved security product capabilities, and developing solutions to Multi level Security problems.
Security+ Certification, CEH or similar desired.
Tool-specific certification (Rapid7, Nessus, Parasoft, Fortify, WSUS, BF, SCCM, Heat, Satellite) desired.

Questions:
Question: Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?
Question: Please list the candidate's email address that will be used when submitting E-RTR.
Question: There are no reimbursable expenses. Do you accept this requirement?
Question: Please describe your candidate's 3-5 years demonstrated operational implementation and use of Fortify and ParaSoft static code analysis tools.
Question: Please describe your candidate's 3-5 years demonstrated operational implementation and use of Rapid7, Nessus, or similar Network Scanning tools.
Question: Please describe your demonstrated proficiency with HEAT and SATELLITE patch management tools for Windows and Unix environment patching.
