Overview
Skills
Job Details
SCOPE OF SERVICES |
The Cyber Command Threat Management division within OTI requires a Vulnerability Management Specialist to serve as a subject matter expert for vulnerability management: Tasks Research, analyze and brief management and team members on relevant Risk, CVE s, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations for various technologies Design, architect and build Rapid7 vulnerability management scanning infrastructure and tools Manage, configure and conduct Vulnerability Management scans in Rapid7 across various networks Conduct vulnerability management analysis through industry research, deep analysis, generating of reports and dashboards in Rapid7 to accurately assess and prioritize risk Evaluate security vulnerabilities, assess risk and impact, develop mitigation strategies, and implement remediation Present succinct technical briefings to team members and customers for intel research, risk assessment, CVE s, vendor hardware/software, industry trends Create scripts utilizing Python, PowerShell and others to automate vulnerability management tasks The ability to automate detection, reporting and tracking of vulnerabilities identified Create deep analysis and reports around vulnerability management utilizing Rapid7 dashboards and reports, scripts, Excel and PowerPoint Travel within NYC for various projects when necessary
|
MANDATORY SKILLS/EXPERIENCE Note: Candidates who do not have the mandatory skills will not be considered |
|
DESIRABLE SKILLS/EXPERIENCE: Provide oral and written reports on vulnerability risk to the team and possibly agencies technical stakeholders Ability to evaluate the current threat landscape that includes tactics, techniques and procedures Work with agencies to evangelize the OTI Cyber Command program around areas of cybersecurity posture enhancement, risk reduction, attack surface management, vulnerability management scanning tool performance, scan results, credentialed scans, triage scan performance issues, socialize risk and remediation, and other vulnerability management issues Experience using Tableau for reporting and analysis purposes Strong background with next generation firewall products, intrusion detection systems, DMZ, IPSec, DNS, SMTP, HTTP, VPN, proxies, etc. Knowledge of security best practices across multiple platforms, such as Microsoft Windows, VMWare, Linux, VPN, Cisco IOS, and Mobile OS Android/Apple IOS. Knowledge of public-key cryptography, understanding of encoding, encryption, and hashing techniques Knowledge of security best practices: NIST, CIS, Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, F5, Microsoft, Unix/Linux, etc. Ability to analyze Cybersecurity documentation, including security policies, plans, and procedures. Extensive experience with Windows and Linux Servers Exceptional written and oral communication skills Exceptional organizational and analytical skills Certifications such as Certified Information Systems Security Professional (CISSP) Certification, Security Essentials Certification (GSEC), Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), Certified Penetration Tester (CWAPT) |