Senior Vulnerability Management Engineer
: Job Details :

Role: Senior Vulnerability Management Engineer Location: DC – Could also be remote / hybrid for the right candidate Job description The Vulnerability Management Engineer will support vulnerability remediation efforts for the client. Working knowledge of DevSecOps functionality a plus. As an Vulnerability Engineer you will support the customer in safeguarding networks against new threats, unauthorized modification, destruction, or disclosure as well as help in managing all aspects of an organization's information security system, for classified and unclassified systems, including researching, testing, training and implementing programs designed to safeguard sensitive information from any possible breaches Requirements: At least 10 years of experience in vulnerability management, application security, or related information security domains. Strong experience in cross functional teams management, stakeholder and c-suite reporting, and be able to lead the program. At least 5 years of experience using SQL and/or Python to analyze vulnerability data and/or deliver operational metrics Experience testing and operating Azure, and/or AWS, Google. Azure experience highly preferred. Strong understanding of security frameworks and risk management Experience with security tools and technologies for vulnerability assessment Technical expertise in security engineering, system and network security, authentication and security protocols, cryptography, and application security Experience with vulnerability scanning and testing tools such as: Burp suite, Rapid7 InsightVM, Tenable Nessus, Web Inspect, Net Sparker, DB Protect, App Detective, Prisma Cloud, Core Impact, Code DX and similar Experienced in vulnerability validation, Pre-Production, remediation, testing for false positives and vulnerability research skills Experience using at least one scripting language (e.g.: Perl, Python, PowerShell) Capable of performing trend and analysis of vulnerability scan data and preparation of weekly metrics for presentation to leadership Experience in Information Technology/Vulnerability Management/Cybersecurity Demonstrate deep technical knowledge in the management and configuration of operating systems, networks, and software including knowledge of OS authentication mechanisms, permissions, and a solid understanding of networking Demonstrate depth of understanding of a variety of operating system and software vulnerabilities Demonstrate broad security experience, which must include vulnerabilities, risks, and security mechanisms that are common in today's government systems Responsibilities: As an information systems security engineer (ISSE), you will support the customer in safeguarding networks against unauthorized modification, destruction, or disclosure. Activities not limited to, Conduct risk analyses and writes documents including Plan of Action and Milestones, System Security Plans, System Specific Policies and Procedures, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses Providing technical expertise in implementation of technical security controls in cloud environments – Specifically Azure Conducting risk analyses from vulnerability, compliance scans, pen testing results, or other audit activity; writes including but not limited to Plan of Action and Milestones, System Security Plans, Security Control Traceability Matrices, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses Leading cross teams and stakeholder communication Certifications: Relevant CISSP / CCSP, AWS-SEC, MCASEA etc