|Job Title :||Vulnerability Prog. Analyst - Senior|
|Job Ref No :||24481-1243|
|Job Posted Date :||1/5/2018|
|Job State :||District of Columbia|
|Job City :||Washington|
|Who Can Apply :||US Citizens, GC, EAD, TN, H1B|
|No of Openings :||1|
|Skills Required :||,|
Job Description :
JOB ID: Vulnerability Prog. Analyst - Senior (521928).
Rate may vary depending on candidate preference for either w-2 (benefits or no benefits) or must have a LLC limited liability corporation.
Location: Washington, DC
Years of experience: 11-15 + years experience.
Duration: 9/30/18 +
Number of positions: 1
Interviews: Either phone or in-person.
Vulnerability Management Program Manager (VMPM) responsible for implementation of a City Wide Vulnerability Management Program that will ensure IT System Vulnerabilities are found (through the use of Vulnerability Management Software) and remediated.
The OCTO City of Washington DC, Vulnerability Management Program Manager (VMPM) is responsible for the implementation of a City Wide Vulnerability Management Program that will ensure IT System Vulnerabilities are found (through the use of Vulnerability Management Software) during cooperative routine scanning, on demand scanning, and as part of the Change Control Board (CCB) process. The VMPM will then work with system owners and stakeholders to remediate findings. The VMPM will develop intra and extra organizational communication, and implement the Policies, Processes and Procedures that support the Vulnerability Management Program. The outcome of these processes is that the VMPM will provide a District wide view of current and remediated vulnerabilities across all District Agency endpoints and servers and track the waiver and risk mitigation process.
Analyze current vulnerability management tools for network scanning and static code analysis and determine how to best leverage tools to support the Vulnerability Management Program.
Review new vulnerabilities as they are disclosed and perform proactive assessment of the environment for network, systems and applications as applicable.
Work with Server and Desktop engineers to develop and maintain baseline images.
Participate in the Change Advisory Board and represent the Go/NO-GO position for the CISO based on Vulnerability Management remediation.
Perform static code analysis using supplied tools on an as-required basis.
Perform network scanning using supplied tools on an as-required and scheduled basis.
Perform passive application assessments using supplied tools on an as-required and scheduled basis
Prepare and deliver comprehensive assessments that explain risk, demonstrate findings, and offer tactical and strategic recommendations to stakeholders
Provide weekly reports for inclusion in the District Cyber Security Report.
Coordinate and perform quarterly cooperative Agency Vulnerability Management and report results as appropriate.
Manage and maintain assessment platforms.
Specific knowledge, skills, and abilities required by the incumbent to successfully fulfill the Major Duties and perform the Tasks required for this position include:
3-5 years demonstrated operational implementation and use of Rapid7, Nessus, or similar Network Scanning tools.
3-5 years demonstrated operational implementation and use of Application security assessment tools e.g Rapid7 Appspider, Trustwave, Fortify
Demonstrated understanding of DEVOPS and SECDEVOPS as it applies to and support lifecycle development and secure coding techniques.
Able to explain Application vulnerabilities to programmers and application owners
B.A. or B.S. degree in Computer Science, Information Systems or 6 years of equivalent experience in a related field. This position requires a minimum of 5 years of experience.
At least 3 years of specialized experience in defining computer security requirements for high-level applications, evaluating approved security product capabilities, and developing solutions to Multi level Security problems.
Security+ Certification, CEH or similar desired.
Tool specific certification (Rapid7, Nessus, Parasoft, Fortify, WSUS, BF, SCCM, Heat, Sattelite) desired.
Question: Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?
Question: Please list candidates email address that will be used when submitting E-RTR.
Question: There are no reimbursable expenses. Do you accept this requirement?
Question: Please describe your candidates 3-5 years demonstrated operational implementation and use of Fortify and ParaSoft static code analysis tools.
Question: Please describe your candidates 3-5 years demonstrated operational implementation and use of Rapid7, Nessus, or similar Network Scanning tools.
Question: Please describe your Demonstrated proficiency with HEAT and SATELLITE patch management tools for Windows and Unix environment patching.
quick Apply this job - It takes < 1 min to Apply!
|JOB ID: .Net Programmer (524955).Interview: Phone and may require in-person.Location: Little Rock, AR Durat..|
|Job ID: DIS z/OS DB2 DBA (DBA3 SC3) (526634).Interview: Phone and may require in-person.Location: Little Rock,..|
|JOB ID: Full Stack DeveloperInterview: Phone/skype for out of town candidates. Will require in-personfor local ..|
|JOB ID: UI DeveloperInterview: Phone/skype for out of town candidates. Will require in-personfor local candidat..|
|JOB ID: Software Test Analyst 2 (524888)Rate may vary depending on candidate preference for either w-2 (benefits or..|
|JOB ID: Program ManagerLocation: Mountain View, CAExperience: 3-6 years plus. Duration: 01/22/2018 to 04/..|
|JOB ID: MDOS - Programmer 6 (525815).Rate may vary depending on candidate preference for either w-2 (benefits or<br..|
|Job Title: JAVA DEVELOPERLocation: Sunnyvale,CA(local Only)Duration: long termJob Description:PR..|
|JOB ID: Sr. AWS/NodeJS DeveloperLocation: Portland, Oregon. (For positions in Portland, OR try to find candidates i..|
|JOB ID: QA Automation EngineerLocation: Columbia, MD (between Baltimore, MD and Washington, DC)Years of experie..|