Vulnerability Management Systems Analyst - Consultant
Interview Process: One Round of Virtual Interviews, potential for second round of in-person interviews
Duration of the Contract: 12 Months
Possibility for Extension: Yes
Work Location: Role is 100% remote
PREFERENCE WILL BE GIVEN TO A CANDIDATE WHO CAN WORK ONSITE OVER HYBRID AND OVER FULL-TIME REMOTE (ON-SITE AS NEEDED).
Candidate location: No SC Residency required. Open to nationwide candidates.
Additional Information: Preference will be given to candidates that are local to SC and are able to come onsite for project needs.
• Assist with the statewide vulnerability management program for Client.
• Administer vulnerability management platforms, configure policies, reporting, and services to support agencies.
• Analyze vulnerabilities, prioritize remediation, and document residual risks for agency systems.
• Provide training and guidance to agencies on vulnerability management practices.
• Support procurement, configuration, and utilization of vulnerability management tools.
• Develop POA&Ms with DIS staff and agencies to track remediation efforts against SLOs.
• Perform system criticality validation reviews with agencies to align severity levels and risk exposure.
• Provide regular reporting and communication to stakeholders regarding vulnerabilities and risks.
Required Skills:
• 5+ Years of Experience with vulnerability management tools (Qualys, Tenable, Rapid7).
• 5+ Years of Experience with architecting, deploying, configuring, and operating vulnerability management platforms.
• 5+ Years of Experience with Windows and Linux operating systems.
• 5+ Years of Experience with interpreting and applying CVSS ratings, POA&M tracking, and risk mitigation strategies.
Preferred Skills:
• Familiarity with standards such as PCI DSS, NIST, ITIL, CVSS, and MITRE ATT&CK.
• Experience in application security and automation/scripting (Python, PowerShell, Bash).
• Prior experience leading statewide or enterprise-wide vulnerability programs.
• Candidate is local to Columbia, SC or a surrounding city in South Carolina.
Required education/certifications:
• Bachelor's degree in information technology or information security related field
• Eight years of relevant work experience may be substituted in lieu of education OR Five years of experience in supporting enterprise IT environments and/or system deployments
Preferred Education/Certifications:
• CISSP, CISA, CISO or equivalent advanced security certification.
• Additional relevant certifications (e.g., CEH, OSCP, GPEN).