|Job Title :||Vulnerability Prog. Analyst - Senior|
|Job Ref No :||24481-1243|
|Job Posted Date :||1/5/2018|
|Job State :||District of Columbia|
|Job City :||Washington|
|Who Can Apply :||US Citizens, GC, EAD, TN, H1B|
|No of Openings :||1|
Job Description :
JOB ID: Vulnerability Prog. Analyst - Senior (521928).
Rate may vary depending on whether the candidate prefers W-2 (with or without benefits) or contracts through an LLC (limited liability corporation), which the candidate must have.
Location: Washington, DC
Years of experience: 11-15+ years of experience.
Duration: 9/30/18 +
Number of positions: 1
Interviews: Either phone or in-person.
Vulnerability Management Program Manager (VMPM) responsible for implementation of a City Wide Vulnerability Management Program that will ensure IT System Vulnerabilities are found (through the use of Vulnerability Management Software) and remediated.
The OCTO City of Washington DC Vulnerability Management Program Manager (VMPM) is responsible for the implementation of a City Wide Vulnerability Management Program that will ensure IT System Vulnerabilities are found (through the use of Vulnerability Management Software) during cooperative routine scanning, on-demand scanning, and as part of the Change Control Board (CCB) process. The VMPM will then work with system owners and stakeholders to remediate findings. The VMPM will develop intra- and extra-organizational communication, and implement the Policies, Processes and Procedures that support the Vulnerability Management Program. The outcome of these processes is that the VMPM will provide a District-wide view of current and remediated vulnerabilities across all District Agency endpoints and servers and track the waiver and risk mitigation process.
Analyze current vulnerability management tools for network scanning and static code analysis and determine how to best leverage tools to support the Vulnerability Management Program.
Review new vulnerabilities as they are disclosed and perform proactive assessment of the environment for network, systems and applications as applicable.
Work with Server and Desktop engineers to develop and maintain baseline images.
Participate in the Change Advisory Board and represent the Go/NO-GO position for the CISO based on Vulnerability Management remediation.
Perform static code analysis using supplied tools on an as-required basis.
Perform network scanning using supplied tools on an as-required and scheduled basis.
Perform passive application assessments using supplied tools on an as-required and scheduled basis.
Prepare and deliver comprehensive assessments that explain risk, demonstrate findings, and offer tactical and strategic recommendations to stakeholders.
Provide weekly reports for inclusion in the District Cyber Security Report.
Coordinate and perform quarterly cooperative Agency Vulnerability Management and report results as appropriate.
Manage and maintain assessment platforms.
Specific knowledge, skills, and abilities required by the incumbent to successfully fulfill the Major Duties and perform the Tasks required for this position include:
3-5 years demonstrated operational implementation and use of Rapid7, Nessus, or similar Network Scanning tools.
3-5 years demonstrated operational implementation and use of Application security assessment tools, e.g., Rapid7 AppSpider, Trustwave, Fortify.
Demonstrated understanding of DevOps and SecDevOps as they apply to and support lifecycle development and secure coding techniques.
Able to explain Application vulnerabilities to programmers and application owners.
B.A. or B.S. degree in Computer Science, Information Systems or 6 years of equivalent experience in a related field. This position requires a minimum of 5 years of experience.
At least 3 years of specialized experience in defining computer security requirements for high-level applications, evaluating approved security product capabilities, and developing solutions to multilevel security problems.
Security+ Certification, CEH or similar desired.
Tool-specific certification (Rapid7, Nessus, Parasoft, Fortify, WSUS, BF, SCCM, Heat, Satellite) desired.
Question: Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?
Question: Please list the candidate's email address that will be used when submitting E-RTR.
Question: There are no reimbursable expenses. Do you accept this requirement?
Question: Please describe your candidate's 3-5 years demonstrated operational implementation and use of Fortify and Parasoft static code analysis tools.
Question: Please describe your candidate's 3-5 years demonstrated operational implementation and use of Rapid7, Nessus, or similar Network Scanning tools.
Question: Please describe your demonstrated proficiency with HEAT and SATELLITE patch management tools for Windows and Unix environment patching.