Threat Management - Vulnerability Management Specialist

Role: Threat Management - Vulnerability Management Specialist

Location: Brooklyn, NY(Hybrid-3 days in a week onsite)

Duration: 24 Months

Job Description

The Threat Management - Vulnerability Management Specialist is essential to client Cyber Commands Vulnerability Management program and its ability to defend City systems from cyber threat including direct support of public safety, revenue generating, and City operations that provide everyday services to citizens.

The resource will contribute to client Cyber Command's ability to issue timely vulnerability notifications and prioritized system patching info. Without timely vulnerability notification and patching, the City cannot effectively adjust its defensive controls and reduce it's attack surface resulting in the increased likelihood of cyber events that may require costly remediation efforts.

The threat to the City's attack surface has only continued to grow due to a 40% increase of vulnerabilities in the technology used across the City agencies. These vulnerabilities are leveraged by attackers to commit malicious events such as information theft and ransomware.

VM requires this additional MWBE resource to address:

Current staffing shortage

Increased capacity needs due to vulnerability increases from industry wide 40% increase, agency scanner and agent deployment, container scanning.

MANDATORY SKILLS/EXPERIENCE

Note: Candidates who do not have the mandatory skills will not be considered

• At least 8 years of experience in Cybersecurity, including vulnerability management scanning tools, vulnerability assessments, attack surface management, scripting, vulnerability intel analysis, vulnerability management scan result analysis, Excel
• Strong knowledge of CVE's, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations
• Experience with the design, architect and build of vulnerability management scanning infrastructure and tools specifically Rapid7; extensive hands-on experience conducting Rapid7 vulnerability scans across various networks; experience conducting Rapid7 vulnerability management analysis through reports and dashboards to accurately identify risk
• Experience evaluating security vulnerabilities, assessing risk and impact, developing mitigation strategies, and implementing remediation
• Experience conducting intel research around CVE's, vendor hardware/software vulnerabilities, and presenting succinct technical overviews to team members and customers
• Extensive experience with scripting such as Python and PowerShell to automate vulnerability management tasks
• Extensive experience with Excel, especially for performing data analysis through VLookup and Pivot Tables

DESIRABLE SKILLS/EXPERIENCE:

• Provide oral and written reports on vulnerability risk to the team and possibly agencies' technical stakeholders
• Ability to evaluate the current threat landscape that includes tactics, techniques and procedures
• Work with agencies to evangelize the OTI Cyber Command program around areas of cybersecurity posture enhancement, risk reduction, attack surface management, vulnerability management scanning tool performance, scan results, credentialed scans, triage scan performance issues, socialize risk and remediation, and other vulnerability management issues
• Experience using Tableau for reporting and analysis purposes
• Strong background with next generation firewall products, intrusion detection systems, DMZ, IPSec, DNS, SMTP, HTTP, VPN, proxies, etc.
• Knowledge of security best practices across multiple platforms, such as Microsoft Windows, VMWare, Linux, VPN, Cisco IOS, and Mobile OS Android/Apple IOS.
• Knowledge of public-key cryptography, understanding of encoding, encryption, and hashing techniques
• Knowledge of security best practices: NIST, CIS, Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, F5, Microsoft, Unix/Linux, etc.
• Ability to analyze Cybersecurity documentation, including security policies, plans, and procedures.
• Extensive experience with Windows and Linux Servers
• Exceptional written and oral communication skills
• Exceptional organizational and analytical skills
• Certifications such as Certified Information Systems Security Professional (CISSP) Certification, Security Essentials Certification (GSEC), Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), Certified Penetration Tester (CWAPT)