As a Cybersecurity Analyst III, the candidate will be responsible for vulnerability management, cyber threat identification, evaluation, prioritization, and remediation activities under the direction of the Cyber Security Manager. The candidate will continuously review existing and proposed protections to State of Maine systems, networks, and software designs, and is responsible for analyzing, logging alerting data, identifying, and escalating potential security events. The Cyber Security Analyst will partner with business users to support the integration of cybersecurity protections into business operations and will act as a key member of the Vulnerability Management team.
PRIMARY RESPONSIBILITIES:
- Deploy, manage, and maintain enterprise Cybersecurity toolsets
- Review new systems such as networks and software designs for security risks,recommending mitigations or countermeasures, and resolving integration issues.
- Have current and complete knowledge on the Vulnerability Management program toinclude having Application Scanning experience and an understanding ofenvironmental best practices.
- Be emersed in industry best practices and standards such as: Vulnerability LifeCycle, OWASP Top 10, NIST, CISA, SANS, CVSS Scoring.
- Develop, manage, and measure metrics to understand the trends, quality, andinsights from the vulnerability results to facilitate business decisions, automationdevelopment, and update of executive dashboards, reports, and templates.
- Assist team members with ticket queue management by taking responsibility for anddelegating tickets to the team.
- Provide a cybersecurity partnership with the business to ensure properimplementation of protections toward current and future projects.
- Under direction and per procedures, perform required tasks and coordinate with ITand Vulnerability Management team and SOC team members.
- Coordinate architecture and engineering activities with other IT teams as well asinternal organizations in an efficient and professional manner. Lead vulnerabilitymanagement efforts in the detection, triage, tooling expansion, data aggregation andreporting processes, tooling, and automation.
- Develop and manage ongoing process improvements and backlog to the entire scanprogram well coordinating globally to ensure success.
- Actively contribute to business architecture, requirements, reporting and analyticconfigurations, and processes, ticketing, and proposed roadmap tools.
- Develop cross-functional team relationships to become trusted point of contact andliaison for inquiries, subject matter expert coordinating all issues, capability gaps,and enhancement requests in the product.
- In this role, this position will assist the Security Operations Center in maturing anddeveloping a vulnerability program.
- This individual will work with key stakeholders to establish vulnerability and patchmanagement practices to ensure the execution of these functions tighten the securityposture within the State of Maine.
- Fill in other security functions as directed by the Security Operations Center Manager.
- Uses a reactive approach to security that focuses on prevention, detection, and remediations of vulnerabilities.
MINMUM QUALIFICATIONS:
Years of Relevant Experience: 10 years of information security experience, with a focus on risk analysis, vulnerability assessment, and security testing within an enterprise environment. The ideal candidate will have knowledge of Windows or Linux systems and their associated scripting (PowerShell, python, bash) languages, experience with AWS or Azure cloud environments, and will have worked with vulnerability and manual testing following OWASP Top 10 products such as Tenable Nessus, Rapid 7 InsightVM, HCL App Scan, MDVM, Qualys, Burp Suite, ZAP or similar. The ideal candidate will have experience in both application scanning and device vulnerability management procedures.
Preferred Education: 4-year college degree in computer science or a related field with advanced study preferred; One or more relevant technical security certifications are a plus (GIAC, ISC2, CompTIA, EC Counsil, etc.)
Top 3 Skills:
Vulnerability Management
Application Testing
Endpoint Security/Incident Response
Spruce Technology, Inc. is a mid-size, award-winning (Inc 5000, SmartCEO, Entrepreneur of the Year) technology services firm with a steadily growing portfolio of commercial and government clients. Spruce provides innovative technology solutions, specialized IT staff, and IT strategy consulting nationwide. Spruce maintains partnerships with major technology vendors and continually develops leading-edge offerings in service areas such as digital experience, data services, application development, infrastructure, cyber security, and IT staffing.
Spruce Technology, Inc. is an affirmative action and equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. Consistent with the Americans with Disabilities Act, it is the policy of Spruce Technology, Inc. to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process.
All full-time employees are eligible for the following benefits:
Medical, dental, vision health benefits
Life Insurance and AD&D (paid by company)
401k, Flexible and Dependent Care Spending Account plans.
Paid-time Off or Paid Sick Leave (amount dependent on position level and if required by state).
