Cyber Command Vulnerability Management Specialist

Title: Cyber Command Vulnerability Management Specialist
Location: 11 MetroTech Center, 5th Floor, Brooklyn, NY
Client: Department of Information Technology Telecommunication—New York City

Note: 11 MetroTech Center, 5th Floor, Brooklyn, NY 11201 / 2 days per week remote

Job Description:

• Research, analyze and brief management and team members on relevant Risk, CVE’s, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations for various technologies
• Design, architect and build Rapid7 vulnerability management scanning infrastructure and tools
• Manage, configure and conduct Vulnerability Management scans in Rapid7 across various networks
• Conduct vulnerability management analysis through industry research, deep analysis, generating of reports and dashboards in Rapid7 to accurately assess and prioritize risk
• Evaluate security vulnerabilities, assess risk and impact, develop mitigation strategies, and implement remediation
• Present succinct technical briefings to team members and customers for intel research, risk assessment, CVE’s, vendor hardware/software, industry trends
• Create scripts utilizing Python, PowerShell and others to automate vulnerability management tasks
  The ability to automate detection, reporting and tracking of vulnerabilities identified
• Create deep analysis and reports around vulnerability management utilizing Rapid7 dashboards and reports, scripts, Excel and PowerPoint
  Travel within NYC for various projects when necessary

Minimum Job-Specific Skills/Qualifications Required

• At least 8 years of experience in Cybersecurity, including vulnerability management scanning tools, vulnerability assessments, attack surface management, scripting, vulnerability intel analysis, vulnerability management scan result analysis, Excel.
• Strong knowledge of CVE’s, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations
• Experience with the design, architect and build of vulnerability management scanning infrastructure and tools specifically Rapid7; extensive hands-on experience conducting Rapid7 vulnerability scans across various networks; experience conducting Rapid7 vulnerability management analysis through reports and dashboards to accurately identify risk
• Experience evaluating security vulnerabilities, assessing risk and impact, developing mitigation strategies, and implementing remediation
• Experience conducting intel research around CVE’s, vendor hardware/software vulnerabilities, and presenting succinct technical overviews to team members and customers
• Extensive experience with scripting such as Python and PowerShell to automate vulnerability management tasks
• Extensive experience with Excel, especially for performing data analysis through VLookup and Pivot Tables

DESIRABLE SKILLS/EXPERIENCE:

• Provide oral and written reports on vulnerability risk to the team and possibly agencies’ technical stakeholders
• Ability to evaluate the current threat landscape that includes tactics, techniques and procedures
• Work with agencies to evangelize the OTI Cyber Command program around areas of cybersecurity posture enhancement, risk reduction, attack surface management, vulnerability management scanning
  tool performance, scan results, credentialed scans, triage scan performance issues, socialize risk and remediation, and other vulnerability management issues
• Experience using Tableau for reporting and analysis purposes
• Strong background with next generation firewall products, intrusion detection systems, DMZ, IPSec, DNS, SMTP, HTTP, VPN, proxies, etc.
• Knowledge of security best practices across multiple platforms, such as Microsoft Windows, VMWare, Linux, VPN, Cisco IOS, and Mobile OS Android/Apple IOS.
• Knowledge of public-key cryptography, understanding of encoding, encryption, and hashing techniques
• Knowledge of security best practices: NIST, CIS, Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, F5, Microsoft, Unix/Linux, etc.
• Ability to analyze Cybersecurity documentation, including security policies, plans, and procedures.
• Extensive experience with Windows and Linux Servers
• Exceptional written and oral communication skills
• Exceptional organizational and analytical skills
• Certifications such as Certified Information Systems Security Professional (CISSP) Certification, Security
• Essentials Certification (GSEC), Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH),
  Certified Ethical Hacker (CEH), Certified Penetration Tester (CWAPT)

If you are: bright, motivated, skilled, a difference-maker, able to get things done, work with minimum direction, enthusiastic, a thinker, able to juggle and multi-task, communicate effectively, and lead, then we would like to hear from you. We need exceptionally capable people for this role for our client, so get back to us and tell us why you think you are a fit.

About Us:

Since 2000, Tri-Force Consulting Services ( has been an MBE/SDB certified IT Consulting firm in the Philadelphia region. Tri-Force specializes in IT staffing, software development (web and mobile apps), systems integration, data analytics, system automation, cybersecurity, and cloud technology solutions for government
and commercial clients. Tri-Force works with clients to overcome obstacles such as increasing productivity, increasing efficiencies through automation, and lowering costs. Our clients benefit from our three distinguishing core values: integrity, diligence, and technological excellence. Tri-Force is a six-time winner among the fastest-growing companies in Philadelphia and a four-time winner on the Inc. 5000 list of the nation's fastest-growing companies.