Job Details: Vulnerability Prog. Analyst - Senior


Job Title : Vulnerability Prog. Analyst - Senior
Job Ref No : 24481-1243
Job Posted Date : 1/5/2018
Job State : District of Columbia
Job City : Washington
Who Can Apply : US Citizens, GC, EAD, TN, H1B
No of Openings : 1

Job Description :


JOB ID: Vulnerability Prog. Analyst - Senior (521928).
Rate may vary depending on the candidate's preference: either W-2 (with or without benefits), or the candidate must have an LLC (limited liability corporation).
Location: Washington, DC
Years of experience: 11-15+ years of experience.
Duration: 9/30/18 +
Number of positions: 1
Interviews: Either phone or in-person.

Job Description:
Vulnerability Management Program Manager (VMPM) responsible for implementation of a City Wide Vulnerability Management Program that will ensure IT System Vulnerabilities are found (through the use of Vulnerability Management Software) and remediated.

Major Duties:

The OCTO City of Washington DC Vulnerability Management Program Manager (VMPM) is responsible for the implementation of a City Wide Vulnerability Management Program that will ensure IT System Vulnerabilities are found (through the use of Vulnerability Management Software) during cooperative routine scanning, on-demand scanning, and as part of the Change Control Board (CCB) process. The VMPM will then work with system owners and stakeholders to remediate findings. The VMPM will develop intra- and extra-organizational communication, and implement the Policies, Processes and Procedures that support the Vulnerability Management Program. The outcome of these processes is that the VMPM will provide a District-wide view of current and remediated vulnerabilities across all District Agency endpoints and servers and track the waiver and risk mitigation process.
Responsibilities/Duties:
Analyze current vulnerability management tools for network scanning and static code analysis and determine how to best leverage tools to support the Vulnerability Management Program.
Review new vulnerabilities as they are disclosed and perform proactive assessment of the environment for network, systems and applications as applicable.
Work with Server and Desktop engineers to develop and maintain baseline images.
Participate in the Change Advisory Board and represent the Go/NO-GO position for the CISO based on Vulnerability Management remediation.
Perform static code analysis using supplied tools on an as-required basis.
Perform network scanning using supplied tools on an as-required and scheduled basis.
Perform passive application assessments using supplied tools on an as-required and scheduled basis.
Prepare and deliver comprehensive assessments that explain risk, demonstrate findings, and offer tactical and strategic recommendations to stakeholders.
Provide weekly reports for inclusion in the District Cyber Security Report.
Coordinate and perform quarterly cooperative Agency Vulnerability Management and report results as appropriate.
Manage and maintain assessment platforms.

Specific Skills

Specific knowledge, skills, and abilities required by the incumbent to successfully fulfill the Major Duties and perform the Tasks required for this position include:
3-5 years demonstrated operational implementation and use of Rapid7, Nessus, or similar Network Scanning tools.
3-5 years demonstrated operational implementation and use of application security assessment tools, e.g. Rapid7 AppSpider, Trustwave, Fortify.
Demonstrated understanding of DevOps and SecDevOps as they apply to and support lifecycle development and secure coding techniques.
Able to explain application vulnerabilities to programmers and application owners.

Education/Certification

B.A. or B.S. degree in Computer Science, Information Systems or 6 years of equivalent experience in a related field. This position requires a minimum of 5 years of experience.
At least 3 years of specialized experience in defining computer security requirements for high-level applications, evaluating approved security product capabilities, and developing solutions to multilevel security problems.
Security+ Certification, CEH or similar desired.
Tool-specific certification (Rapid7, Nessus, Parasoft, Fortify, WSUS, BF, SCCM, Heat, Satellite) desired.

Questions:
Question: Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?
Question: Please list the candidate's email address that will be used when submitting E-RTR.
Question: There are no reimbursable expenses. Do you accept this requirement?
Question: Please describe your candidate's 3-5 years demonstrated operational implementation and use of Fortify and Parasoft static code analysis tools.
Question: Please describe your candidate's 3-5 years demonstrated operational implementation and use of Rapid7, Nessus, or similar Network Scanning tools.
Question: Please describe your demonstrated proficiency with HEAT and SATELLITE patch management tools for Windows and Unix environment patching.
