Vacancy expired!
About DMI
DMI (Digital Management, LLC.) is a global technology solutions company that specializes in digital strategy, design, transformation and support. Utilizing expertise from six unique DMI Groups, in the areas of AI & Analytics, Commerce, Experience, Managed Services, Transformation, and Government, DMI delivers intelligent digital transformation solutions that meet organizations where they are. Born digital, DMI has been delivering mission-critical, enterprise-grade solutions since 2002 for over a hundred Fortune 1000 enterprises and all fifteen U.S. Federal Departments. DMI has grown to 2,000+ employees globally and has been continually recognized by top industry analysts as a market leader as well as a Top Place to Work by the Washington Post.
About the Opportunity
DMI (Digital Management, LLC.) is looking for a Vulnerability Assessment Analyst with project lead experience and hands-on engineering experience. The Vulnerability Assessment Analyst will be responsible for the planning, implementation, maintenance, and support of the vulnerability management program for a State-Level Department of IT, Security Assessment Function.
Duties and Responsibilities:
- Daily oversight of vulnerability management program
- Serve as liaison between Security Assessment and Security Operation Center (SOC) functions on matters pertaining to vulnerability scanning for security assessment efforts
- Plan, execute, monitor and control, and successfully close vulnerability management projects/tasks
- Configure and schedule patch and secure configurations audit scan jobs (vulnerability scans)
- Maintain configurations of patch and secure configurations scan jobs i.e., asset lists, scan plugins, STIGs audit files, CIS Benchmarks audit files, scan credentials
- Troubleshoot and resolve failed patch and secure configurations scan jobs i.e., missing credentials, asset list updates, firewall issues
- Analyze patch and secure configurations audit scan results and identify and document technical and procedural vulnerability findings
- Research resolution strategies/measures for identified vulnerability findings and provide remediation/mitigation recommendations
- Identify false positive findings and determine and advise on the criteria for validating the findings i.e., required artifacts
- Prepare vulnerability management reports on the status of patch and secure configuration audit scans and associated remediation efforts
- Communicate the status of vulnerability management efforts, including regularly scheduled reports as well as ad hoc reports
- Ensure the vulnerability management platform maintains updated versions of secure configurations scans audit files i.e., proprietary vendor audit files, STIGs audit files, CIS Benchmarks audit files
- Ensure that vulnerability management services are operating as expected i.e., completeness of the scope of each scan job, timely completion of scan jobs, up-to-date patch audit plugins
- Ensure proper functioning of integrations between the vulnerability management platform and other tools such as asset management and risk management platforms
- Ensure data updates from vulnerability management platforms to asset management and risk management platforms are running as scheduled
- Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
- Develop and implement operational and technical vulnerability management policies
- Define, develop, and implement processes and procedures to support and maintain the vulnerability management program
- At least five (5) years of experience with NIST Risk Management Framework (RMF) supporting technical assessment (vulnerability scans) of control implementations and continuous monitoring post-system Authority to Operate (ATO)
- At least three (3) years of hands-on experience in LAN Administration i.e., hands-on administration of Windows OS and Linux OS, and hands-on basic administration of routers, switches, and firewalls.
- At least two (2) years of hands-on experience with Tenable Security Center/Nessus Scanners i.e., creating, maintaining, and running scan jobs and analyzing scan results
- At least two (2) years of hands-on experience executing, monitoring and controlling, and closing security assessment projects
- Associates or bachelor's degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering or related scientific or technical discipline.
- Ability to work outside of regular business hours, the role may require on-call support after regular business hours or weekends.
- At least 1 security management industry certification such as Sec+, CySA+, etc.
- Self-starter, able to gather requirements and to plan and execute system deployment efforts.
- Able to conduct vulnerability assessments of technical security controls, identify and validate findings, research resolutions, and provide remediation/mitigation recommendations.
- LAN administration experience, particularly with Windows OS and Linux OS.
- Experience with the vulnerability management tools such as Tenable Security Center/Nessus Scanners, Web Inspect, DB Protect etc.
- Experience with Governance, Risk, and Compliance (GRC) platforms such as RSA Archer, ServiceNow GRC, CSAM
- Customer-oriented with excellent issue follow-through and resolution abilities.
- Excellent written and oral communication, and presentation skills.
- Ability to effectively work both autonomously as well as on a team.
- Outstanding interpersonal skills, strong work ethic, and self-motivated.
- Utilize tools and analytical skills to plan and execute technical changes.
- Relevant industry certification.
- Experience with the vulnerability management tools such as Tenable Security Center/Nessus Scanners, Web Inspect, DB Protect etc.
- Experience with ServiceNow Governance, Risk, and Compliance (GRC) platforms
- Experience with Windows, Linux, Database, and Web Apps system administration.
- Experience in project task technical analysis, planning, and estimation.
- Experience with technology capabilities market research, technical analysis/review, and recommendation.
- Other relevant industry certifications such as Security +, CAP, CEH etc.
- Community - Blood drives, volunteering opportunities, Holiday parties, summer picnics, Tech Chef, Octoberfest just to name a few ways DMI comes together as a community.
- Convenience/Concierge - Virtual visits through health insurance, pet insurance, commuter benefits, discount tickets for movies, travel and many other items to provide convenience.
- Development - Annual performance management, continuing education and tuition assistance, internal job opportunities along with career enrichment and advancement to help each employee with their professional and personal development.
- Financial - Generous 401k match for both pre-tax and post-tax (ROTH) contributions along with financial wellness education, EAP, Life Insurance and Disability help provide financial stability for each DMI employee.
- Recognition - Great achievements do not go unnoticed by DMI through Annual Awards ceremony, service anniversaries, peer-to-peer acknowledgement through Give-A-Wow, employee referral bonuses.
- Wellness - Healthcare benefits, Wellness programs, Flu Shots, Biometric screenings, on-site lactation rooms provide employees with several wellness options.