Mid Vulnerability Management Engineer

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must possess public trust and pass FDIC/BC process.

Candidate will be responsible for the vulnerability management and continuous monitoring of the client enterprise, meeting with and educating clients on the risks associated and providing meaningful vulnerability remediation guidance. Additional responsibilities include; overseeing monthly and quarterly scanning activities, reporting vulnerabilities to the client, and working with the client to facilitate vulnerability remediation. Analysis duties will include identifying false positives, maintaining signed risk acceptance form binders (quarterly), writing monthly continuous monitoring and quarterly executive level reports that summarize the vulnerability inventory of the client enterprise and formulating long-term strategic vulnerability remediation guidance (root cause analysis).

Oversee and conduct monthly scanning activities (Foundstone, Nessus, RAT, etc.).
Report vulnerabilities and facilitate vulnerability remediation strategies with Points of Contacts (POCs).
Run, maintain and administer the Agiliance Threat & Vulnerability Manager (TVM) tool to include building custom queries and scripts to produce executive and management level vulnerability metric dashboards, reports and trending charts.
Identify false positives and risk acceptance candidates.

Requirements:
3 to 5+ years of experience in vulnerability management and vulnerability remediation guidance, specifically in the following areas:
- Windows or UNIX
- Cisco (IOS, PIX)
- Oracle, SQL
In depth familiarity with Windows and UNIX operating systems (Cisco IOS is a plus).
Excellent written and oral communication skills.
Self motivated and able to work in an independent manner.

Demonstrated Technical Experience with:
Windows Servers, Desktops, Laptops
UNIX Servers (Solaris, Red Hat Enterprise)
Network Switching and Routing (Cisco IOS & PIX)
Oracle and SQL Server Databases is a plus.
Structured Query Language (SQL) is a plus.
Python scripting is a plus

Technical Writing Experience:
Monthly management level reports
Quarterly executive level reports
Standard operating procedures documents
Formal policy and procedure documents

Other Qualifications:
Structured Query Language (SQL) is a plus.
Python scripting is a plus.
Familiarity with FIPS and NIST Special Publications.
Familiarity with vulnerability scanning tools, such as Foundstone (MVM), Nessus, RAT, Guardium, NGSSQuirreL, etc.
Database security hardening.
PMP, CISA, CISM, CISSP certification a plus.
Advanced degree in an IT related field a plus.
Working knowledge of firewalls and other network security products.
Familiarity of TCP/IP and associated protocols.
Familiarity with network Switching and Routing (particularly Cisco) and associated protocols.