Job Details: Vulnerability Prog. Analyst - Senior


Job Title : Vulnerability Prog. Analyst - Senior
Job Ref No : 24481-1243
Job Posted Date : 1/5/2018
Job State : District of Columbia
Job City : Washington
Who Can Apply : US Citizens, GC, EAD, TN, H1B
No of Openings : 1

Job Description :


JOB ID: Vulnerability Prog. Analyst - Senior (521928).
Rate may vary depending on candidate preference: either W-2 (benefits or no benefits), or the candidate must have an LLC (limited liability corporation).
Location: Washington, DC
Years of experience: 11-15+ years of experience.
Duration: 9/30/18 +
Number of positions: 1
Interviews: Either phone or in-person.

Job Description:
Vulnerability Management Program Manager (VMPM) responsible for implementation of a City Wide Vulnerability Management Program that will ensure IT System Vulnerabilities are found (through the use of Vulnerability Management Software) and remediated.

Major Duties:

The OCTO City of Washington DC, Vulnerability Management Program Manager (VMPM) is responsible for the implementation of a City Wide Vulnerability Management Program that will ensure IT System Vulnerabilities are found (through the use of Vulnerability Management Software) during cooperative routine scanning, on-demand scanning, and as part of the Change Control Board (CCB) process. The VMPM will then work with system owners and stakeholders to remediate findings. The VMPM will develop intra- and extra-organizational communication, and implement the Policies, Processes and Procedures that support the Vulnerability Management Program. The outcome of these processes is that the VMPM will provide a District-wide view of current and remediated vulnerabilities across all District Agency endpoints and servers and track the waiver and risk mitigation process.
Responsibilities/Duties:
Analyze current vulnerability management tools for network scanning and static code analysis and determine how to best leverage tools to support the Vulnerability Management Program.
Review new vulnerabilities as they are disclosed and perform proactive assessment of the environment for network, systems and applications as applicable.
Work with Server and Desktop engineers to develop and maintain baseline images.
Participate in the Change Advisory Board and represent the Go/No-Go position for the CISO based on Vulnerability Management remediation.
Perform static code analysis using supplied tools on an as-required basis.
Perform network scanning using supplied tools on an as-required and scheduled basis.
Perform passive application assessments using supplied tools on an as-required and scheduled basis.
Prepare and deliver comprehensive assessments that explain risk, demonstrate findings, and offer tactical and strategic recommendations to stakeholders.
Provide weekly reports for inclusion in the District Cyber Security Report.
Coordinate and perform quarterly cooperative Agency Vulnerability Management and report results as appropriate.
Manage and maintain assessment platforms.

Specific Skills

Specific knowledge, skills, and abilities required by the incumbent to successfully fulfill the Major Duties and perform the Tasks required for this position include:
3-5 years demonstrated operational implementation and use of Rapid7, Nessus, or similar Network Scanning tools.
3-5 years demonstrated operational implementation and use of Application security assessment tools, e.g., Rapid7 AppSpider, Trustwave, Fortify.
Demonstrated understanding of DevOps and SecDevOps as they apply to and support lifecycle development and secure coding techniques.
Able to explain Application vulnerabilities to programmers and application owners.

Education/Certification

B.A. or B.S. degree in Computer Science, Information Systems or 6 years of equivalent experience in a related field. This position requires a minimum of 5 years of experience.
At least 3 years of specialized experience in defining computer security requirements for high-level applications, evaluating approved security product capabilities, and developing solutions to multilevel security problems.
Security+ Certification, CEH or similar desired.
Tool-specific certification (Rapid7, Nessus, Parasoft, Fortify, WSUS, BF, SCCM, Heat, Satellite) desired.

Questions:
Question: Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?
Question: Please list the candidate's email address that will be used when submitting E-RTR.
Question: There are no reimbursable expenses. Do you accept this requirement?
Question: Please describe your candidate's 3-5 years demonstrated operational implementation and use of Fortify and ParaSoft static code analysis tools.
Question: Please describe your candidate's 3-5 years demonstrated operational implementation and use of Rapid7, Nessus, or similar Network Scanning tools.
Question: Please describe your demonstrated proficiency with HEAT and SATELLITE patch management tools for Windows and Unix environment patching.
