Job ID: 10554
Company: DC Government
Location: WASHINGTON, DC
Type: Contract
Duration: 9/30/18 +
Salary: open
Status: Active
Openings: 1
Posted: 15 Nov 2017
Job Seekers, Please send resumes to resumes@hireitpeople.com
Job Description:

Vulnerability Management Program Manager (VMPM) responsible for implementation of a City Wide Vulnerability Management Program that will ensure IT System Vulnerabilities are found (through the use of Vulnerability Management Software) and remediated.

Major Duties:

The OCTO City of Washington DC, Vulnerability Management Program Manager (VMPM) is responsible for the implementation of a City Wide Vulnerability Management Program that will ensure IT System Vulnerabilities are found (through the use of Vulnerability Management Software) during cooperative routine scanning, on demand scanning, and as part of the Change Control Board (CCB) process. The VMPM will then work with system owners and stakeholders to remediate findings. The VMPM will develop intra- and extra-organizational communication, and implement the Policies, Processes and Procedures that support the Vulnerability Management Program. The outcome of these processes is that the VMPM will provide a District-wide view of current and remediated vulnerabilities across all District Agency endpoints and servers and track the waiver and risk mitigation process.

Responsibilities/Duties:
  • Analyze current vulnerability management tools for network scanning and static code analysis and determine how to best leverage tools to support the Vulnerability Management Program.
  • Participate in the CCB and represent the Go/NO-GO position for the CISO based on Vulnerability Management remediation.
  • Perform static code analysis using supplied tools on an 'as-required' basis.
  • Perform network scanning using supplied tools on an 'as-required' and scheduled basis.
  • Provide weekly reports for inclusion in the District Cyber Security Report.
  • Coordinate and perform quarterly cooperative Agency Vulnerability Management and report results as appropriate.
  • Analyzes and defines security requirements for Multi-level Security issues. Designs, develops, engineers, and implements solutions to Multi-level Security.
Contract Labor Category Description:

Responsibilities:
  • Determines enterprise information assurance and security standards.
  • Develops and implements information assurance/security standards and procedures.
  • Coordinates, develops, and evaluates security programs for an organization. Recommends information assurance/security solutions to support customers' requirements.
  • Identifies, reports, and resolves security violations.
  • Establishes and satisfies information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
  • Supports customers at the highest levels in the development and implementation of doctrine and policies.
  • Applies know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
  • Performs analysis, design, and development of security features for system architectures.
  • Analyzes and defines security requirements for computer systems, which may include mainframes, workstations, and personal computers.
  • Designs, develops, engineers, and implements solutions that meet security requirements.
  • Provides integration and implementation of the computer system security solution.
  • Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems.
  • Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
  • Ensures that all information systems are functional and secure.
Minimum Education/Certification Requirements:

  • Bachelor's degree in Information Technology or related field or equivalent experience.
Skills:
  • 11-15 yrs developing, maintaining, and recommending enhancements to IS policies/requirements.
  • 11-15 yrs performing vulnerability/risk analyses of computer systems/apps.
  • 11-15 yrs identifying, reporting, and resolving security violations.
  • Bachelor's degree in IT or related field or equivalent experience.
SKILLS:

| SKILL | YEARS USED | LAST USED |
|---|---|---|
| Overall IT Exp. (11-15+ yrs.) | | |
| Education: | | |
| Certifications: | | |
| 11-15 yrs. developing, maintaining, and recommending enhancements to IS policies/requirements. Not Required. 11 Years. | | |
| 11-15 yrs. performing vulnerability/risk analyses of computer systems/apps. Not Required. 11 Years. | | |
| 11-15 yrs. identifying, reporting, and resolving security violations. Not Required. 11 Years. | | |
| 11-15 years of technical experience in IT System Management. Required. 11 Years. | | |
| 3-5 years demonstrated operational implementation and use of Rapid7, Nessus, or similar Network Scanning tools. Required. 3 Years. | | |
| 3-5 years demonstrated operational implementation and use of Fortify and ParaSoft static code analysis tools. Required. 3 Years. | | |
| Demonstrated proficiency with Microsoft Vulnerability Management (WSUS, BF, SCCM) including distributed branch caching. Required. 3 Years. | | |
| Demonstrated proficiency with HEAT and SATELLITE patch management tools for Windows and Unix environment patching. Required. 5 Years. | | |
| Demonstrated understanding of DEVOPS and SECDEVOPS as they apply to and support lifecycle development and secure coding techniques. Required. 3 Years. | | |
| B.A. or B.S. degree in Computer Science, Information Systems or 6 years of equivalent experience in a related field. Highly desired. | | |
| Industry-specific (Security+, CEH, CISSP) or tool-specific certification (Rapid7, Nessus, Parasoft, Fortify, WSUS, BF, SCCM, Heat, Satellite) desired. Highly desired. | | |