Our direct client is looking for a Senior Cybersecurity Vulnerability Assessment Analyst in Trenton, NJ.
- Responsible for developing the effectiveness and leading the activities of the NJCCIC Vulnerability Management Team
- Responsible for researching, implementing, and configuring vulnerability assessment tools
- Supervise and conduct infrastructure and application vulnerability assessments and penetration testing using manual testing techniques, scripts, commercial and open source tools
- Analyze results and engage with information technology and security teams in order to resolve identified security vulnerabilities and deficiencies.
- Identify and resolve any false positive findings in assessment results.
- Produce metrics and reporting on the state of Executive Branch and individual agency securityinfrastructures, applications, and operations.
- Oversee Remediation Activities including:
1. Manage tracking and remediation of vulnerabilities by leveraging agreed upon action plans and timelines with vendors and support teams.
2. Schedule and facilitate meetings with vendors and support teams to review remediation status.
3. Validate remediation by reviewing vulnerability results and providing status updates
4. Recommend appropriate policy, standards, process and procedural updates as part of comprehensive remediation solutions.
5. Help key stakeholders with vulnerability remediation (researching how to fix, what patch to apply, what configuration change(s) to make, etc.)
- Actively participate in information security compliance reviews, audits and the remediation and mitigation of identified risks
- Drive continuous improvement of the cybersecurity program through identification of risk, recommendations for improvements, automation of alerts and remediation, and communication with key information security and information technology partners.
- Work with cross-functional teams to deliver an enterprise security posture that evolves with business, technological, and threatlandscape changes
- Develop and implement hunt techniques for the identification of threat actors across Executive Branch environments
- Provide subject matter expertise, leadership and coordination for the Vulnerability Management Team
- Assist with incident response activities as appropriate including triage, root cause analysis, kill chain analysis, escalations, notifications, communication, etc., and in accordance with the State’s Information Security Incident Response Plan
- Mentor and train other employees to improve their skills and effectiveness
- Assist with the development and management of the cybersecuritybudget
- Other information security duties as assigned
- Proven ability to perform infrastructure and application vulnerability assessments and penetration testing using manual testing techniques, scripts, commercial and open source tools
- Experience in Security metrics reporting demonstrating risk reduction, trending and overall security posture of the company in terms of vulnerability management
- Experience in othernetworkinfrastructuresecuritytechnologies (DLP, IDM, SIEM, Proxy, IDS/IPS, Firewalls, PKI, Multifactor authentication etc.) is a plus
- Experience reviewing 3rd party securityreports (SSAE16 SOC 1 and 2, penetration testing reports, SIG) against industry security standards (CSA, NIST, CIS, OWASP) as part of an overall vendor management program.
- Knowledge of system and application securitythreats and vulnerabilities, current and emerging threats/threat vectors, server and client operating systems (Windows, Unix, Mac OSX).
- Strong knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption), intrusion detection methodologies and techniques for detecting host- and network-based intrusions via intrusion detection technologies.
- Extensive experience with risk management processes, including steps and methods for assessing risk
- Knowledge of system and application securitythreats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, covert channel, replay, return-oriented attacks, malicious code).
- Extensive implementation experience with security and networking architecture, networking protocols, networksecurity design, wireless security, intrusion prevention/detection, and firewall architecture.
- Specific product experience that is desirable includes: Tenable Nessus, Rapid7 Nexpose and Metasploit, IBM Appscan, Burpsuite, Wireshark, etc.
- Knowledge of security frameworks including NIST, ISO 27001/2, etc.
- Proficiency in Microsoft software: Outlook, Word, Excel, PowerPoint, and Visio
- Strong written and verbal communication skills
- Must demonstrate effective, decision making, results delivery, team building, and the ability to stay current with relevant technologies, security tools and practices
- Ability to manage multiple projects, priorities and deadlines
- Ability to mentor other employees to improve their skills and effectiveness.
- Ability to design, resource, status, and complete projects on time and on budget independently, with minimal supervision.
- Demonstrated initiative, customer orientation, and team work competencies
- Adaptability, flexibility and ability to work as part of a team or in an individual capacity
- A minimum of Five (5) years of network and information securityexperience
- Relevant security certifications preferred (i.e. CISSP, CRISC, CEH, CISA, CISM, GPEN, etc.)
- BachelorDegree in computer science, engineering, information security or an equivalent combination of education, training, and experience.
(1) Has the candidate ever worked for the Client (Government of State of NJ)? Is yes, please provide: Agency Name, Start and End Date, In what capacity worked, Reason for Finishing work with the agency, Manager Name and Number?
(2) Client will perform Fingerprinting, Full State and Federal Background Check. Is your background check all clear?
Location: Trenton, NJ