Vulnerability Management Analyst
Location: Fort Worth-Texas Local only
Contract Length: Contract 2 Hire
Work Authorizations Allowed: - NO H1B
Required Test: LIVE CODING / PROBLEM SOLVING
Specifically, You’ll Do The Following
- Performs discovery scanning via the Vulnerability Management Platform (scheduled and ad-hoc)
- Performs Vulnerability Risk assessments to prioritize critical vulnerabilities
- Provides gap analysis to compare the list of known resources so gaps can be investigated and owners identified
- Identifies resource types (e.g. router, desktop computer, server, network switch, firewall, etc.), operating systems, and whether active services are "Enterprise" level
- Provide guidance and recommendation to engineers and developers on how to remediate security vulnerabilities
- Populates data visualization tool (such as Tableau, Nucleus, etc.) for reporting vulnerability metrics by system and owner
Qualifications
Required Qualifications
- Bachelor’s degree in Computer Science, Computer Engineering, Technology, Information Systems (CIS/MIS), Engineering or related technical discipline, or equivalent experience/training
- 3 years of hands-on technical security engineering experience
- Certifications: CISSP, CISM, CISA, CEH, GCIH, GSEC, GCFA, GREM, CCENT
- Ability to install, configure, troubleshoot, and administer VM Platform(s). (Ex.Tanium, Tenable, Coverity, Brinqa, etc.)
- Experience with Tanium programming or creating custom configurations within Tanium
- Experience with dynamic and static code analysis experience (e.g. QualysWAS, SAST tools, Tenable)
- Experience with security configuration checklists (e.g. CIS Benchmarks and CSA security guidance)
- Familiarity with NIST Special Publications (e.g. 800-171,800-53, CSF)
- Familiarity with PCI DSS Compliance standards and scanning practices
- Ability to code and script Python, SQL, BASH, or PowerShell
- Ability to configure and use technical assessment tools such as Tanium Comply and Tenable Nessus
- Deep understanding of the technical architecture of IT systems built using Windows, UNIX, Linux, Solaris, VMware, Citrix, Oracle, and MySQL platforms
- Experience and knowledge in cloud and Kubernetes environments. (Azure Kubernetes Service, IBM Kubernetes service, Oracle Cloud Infrastructure, etc..)
- Experience in DevOps Toolchain methodologies, including Continuous Integration and Continuous Deployment
Preferred Qualifications
- 5+ years of hands-on technical security engineering experience
- Ability to explain technical concepts and adjust messaging based on the audience, including non-technical groups; strong
- presentation and technical documentation skills
- Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills
- Ability to work well within a team environment, as well as independently