Job Title: Vulnerability Management Analyst
Location: Crownsville, Maryland
Type: 3 Month Contract
Compensation: $65.00/hr. W2. Benefits available
Contractor Work Model: Remote - Occasional on-site meetings
Hours: 40.0 per week
Security Clearance: U.S. Citizenship required

We’re seeking a Vulnerability Management Analyst with project lead experience and hands-on engineering experience. The Sr. Vulnerability Assessment Analyst will be responsible for the planning, implementation, maintenance, and support of the vulnerability management program for a State-Level Department of IT, Security Assessment Function. This is a short–term, 3–month contract for surge support.

Duties and Responsibilities:

• Daily oversight of vulnerability management program
• Serve as liaison between Security Assessment and Security Operation Center (SOC) functions on matters about vulnerability scanning for security assessment efforts
• Plan, execute, monitor, and control, and successfully close vulnerability management projects/tasks
• Configure and schedule patch and secure configurations audit scan jobs (vulnerability scans)
• Maintain configurations of patch and secure configurations scan jobs, i.e., asset lists, scan plugins, STIGs audit files, CIS Benchmarks audit files, scan credentials
• Troubleshoot and resolve failed patch and secure configurations scan jobs, i.e., missing credentials, asset list updates, firewall issues
• Analyze patch and secure configurations, audit scan results, and identify and document technical and procedural vulnerability findings
• Research resolution strategies/measures for identified vulnerability findings and provide remediation/mitigation recommendations
• Identify false positive findings and determine and advise on the criteria for validating the findings, i.e., required artifacts
• Prepare vulnerability management reports on the status of patch and secure configuration audit scans, and associated remediation efforts
• Communicate status vulnerability management efforts to include regular scheduled reports, as well as ad hoc reports
• Ensure the vulnerability management platform maintains updated versions of secure configuration scans, audit files, i.e., proprietary vendor audit files, STIGs audit files, CIS Benchmarks audit files
• Ensure that vulnerability management services are operating as expected, i.e., completeness of each scope scan job, timely completion of scan jobs, and up-to-date patch audit plugins
• Ensure proper functioning of integrations between the vulnerability management platform and other tools, such as asset management and risk management platforms
• Ensure that data updates from vulnerability management platforms to the asset management and risk management platforms are running as scheduled
• Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
• Development and implementation of operational and technical vulnerability management policies
• Defining, developing, implementing, and documenting processes and procedures to support and maintain the vulnerability management program

• At least five (12) years of experience with NIST Risk Management Framework (RMF) supporting technical assessment (vulnerability scans) of control implementations and continuous monitoring post-system Authority to Operate (ATO)
• At least ten (10) years of hands-on experience in LAN Administration, i.e., Hands-on administration of Windows OS and Linux OS, and hands-on basic administration of routers, switches, and firewalls.
• At least five (5) years of hands-on experience with Tenable Security Center/ Nessus Scanners, i.e., creating, maintaining, and running scan jobs and analyzing scan results
• At least five (5) years of hands-on experience planning, executing, monitoring and controlling, and closing security assessment projects
• Associates or bachelor’s degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering, or related scientific or technical discipline.
• Ability to work outside of regular business hours, the role may require on-call support after regular business hours or weekends.

• At least 1 security management industry certification, such as CISSP, CISM, CISA, CRISC, etc.
• Self-starter, able to gather requirements, plan, and execute system deployment efforts.
• Able to perform vulnerability assessment of technical security controls, identify and validate findings, research resolutions, and provide remediation/mitigation recommendations.
• Experience with vulnerability management tools such as Tenable One, Security Center/Nessus Scanners, Tenable.io, Web Inspect, DB Protect, etc.
• LAN administration experience, particularly with Windows OS and Linux OS.
• Experience with vulnerability management tools such as Tenable Security Center/Nessus Scanners, Web Inspect, DB Protect, etc.
• Experience with Governance, Risk, and Compliance (GRC) platforms such as RSA Archer, ServiceNow GRC, CSAM
• Customer-oriented with excellent issue follow-through and resolution abilities.
• Excellent written and oral communication and presentation skills.
• Ability to effectively work both autonomously and on a team.
• Outstanding interpersonal skills, strong work ethic, and self-motivated.
• Utilize tools and analytical skills to plan and execute technical changes.
• Relevant industry certification.

• Experience with vulnerability management tools such as Tenable One, Security Center/Nessus Scanners, Tenable.io, Web Inspect, DB Protect, etc.
• Experience with ServiceNow Vulnerability Response and Governance, Risk, and Compliance (GRC) modules.
• Experience with Windows, Linux, Database, and Web Apps system administration.
• Experience in project task technical analysis, planning, and estimation.
• Experience with technology capabilities market research, technical analysis/review, and recommendation.
• Other relevant industry certifications such as Security +, CAP, CEH etc.
• Location: Remote (Must live within a commutable distance to Crownsville, MD)
• Min. Citizenship Status Required: U.S Citizenship

System One, and its subsidiaries including Joulé and Mountain Ltd., are leaders in delivering outsourced services and workforce solutions across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.

System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.

#M-MM1
#LI-MM1
Ref: #856-Baltimore-S1

System One, and its subsidiaries including Joulé, ALTA IT Services, TeamPeople, and Mountain Ltd., are leaders in delivering outsourced services and workforce solutions across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.

System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.