We are looking for a Jr. Vulnerability Assessment Analyst with project lead experience and hands-on engineering experience. The Vulnerability Assessment Analyst will be responsible for the planning, implementation, maintenance, and support of the vulnerability management program for a state-level department of IT, Security Assessment Function. Duties and Responsibilities:Daily oversight of vulnerability management programServe as liaison between Security Assessment and Security Operation Center (SOC) functions on matters pertaining to vulnerability scanning for security assessment effortsPlan, execute, monitor, control, and successfully close vulnerability management projects/tasksConfigure and schedule patch and secure configurations audit scan jobs (vulnerability scans)Maintain configurations of patch and secure configurations scan jobs, i.e., asset lists, scan plugins, STIGs audit files, CIS Benchmarks audit files, and scan credentialsTroubleshoot and resolve failed patch and secure configurations scan jobs, i.e., missing credentials, asset list updates, firewall issuesAnalyze patch and secure configurations audit scan results and identify and document technical and procedural vulnerability findingsResearch resolution strategies/measures for identified vulnerability findings and provide remediation/mitigation recommendationsIdentify false positive findings and determine and advise on the criteria for validating the findings i.e., required artifactsPrepare vulnerability management reports on the status of patch and secure configuration audit scans and associated remediation effortsCommunicate status vulnerability management efforts to include regular scheduled reports and as well as ad hoc reportsEnsure the vulnerability management platform maintains updated versions of secure configurations scans audit files i.e., proprietary vendor audit files, STIGs audit files, CIS Benchmarks audit filesEnsure that vulnerability management services are operating as expected i.e., completeness of the of each scope scan jobs, timely completion of scan jobs, up-to-date patch audit pluginsEnsure proper functioning of integrations between the vulnerability management platform and other tools such as asset management and risk management platformsEnsure and data updates from vulnerability management platforms to asset management and risk management platform are running as scheduledMaintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.Development and implementation operational and technical vulnerability management policiesDefining, developing, implementing, and processes and procedures for to support and maintain vulnerability management program
