Cybersecurity Vulnerability Engineer

Employer

Job Description

Job # 178150BR


This position is CONTINGENT upon funding, an open position, customer approval, completion of a favorable background investigation, and the ability to obtain & maintain a USPS sensitive clearance.

 

An experienced Cybersecurity Vulnerability Engineer is needed to support the customer team. The ideal candidate for this job will be an experienced security practitioner who is goal-oriented and strives to exceed expectations.

 

The Cybersecurity Vulnerability Engineer accurately assess the vulnerabilities associated with customer information systems, coordinate with system owners to remediate vulnerabilities, and report progress of the remediation efforts to customer management.

 

*Must have experience with Splunk and ServiceNow VR module.

 

Location: Eagan, Minnesota

 

Job Responsibilities will include:

  • Serve as SME to explain vulnerabilities and risk to management and technical resources.
  • Serve as SME to assist in vulnerability remediation and providing written security guidance to customer on how to mitigate risks. Align guidance with customer regulations, guidance, and management directives.
  • Investigate identified vulnerability impact and risk to the customer using Splunk and Document vulnerability and risk using the ServiceNow VR module and communicate risks to leadership.
  • Assist customer with vulnerability remediation prioritization.
  • Communicate goals, build consensus across teams and negotiate remediation efforts and timelines. Assisting with research, documentation, revision, development, evaluation, and implementation of security plans.
  • Providing support to the team lead who works directly with Staff/Program Managers from Corporate Information Security Office (CISO).
  • Researching, developing, implementing and assessing the effectiveness of security policies, procedures, and controls to support customer operations.
  • Assisting with the development of stakeholder communications, e.g., reports, security presentations, executive-level briefings, etc.
  • Collaborating with stakeholders to ensure security issues are addressed correctly.
  • Maintaining relationships among CISO Leadership, Policy and Risk Management, Inspection Service and Postal Service unit managers, security control officers, area security coordinators, and other key deliverable stakeholders
  • Serving as a liaison between the customer’s organizations
  • Developing measures of effectiveness and measures of performance for the remediation of vulnerabilities

 

Required Skills:

  • 6+ years related experience in security operations and/or vulnerability management
  • The position requires U.S. Person status or a Non-U.S. Person be eligible to obtain Authorization. Must be eligible to obtain a sensitive clearance – Position of Public Trust.
  • Must be a self-starter capable of multitasking and efficiently managing your time in a dynamic environment while requiring minimal levels of supervision
  • Ability to effectively prioritize and execute tasks in a high pressure environment
  • Proficient using Splunk to query database of vulnerabilities and correlate impact to
  • Skilled at using ServiceNow VR module for vulnerability remediation tracking and management
  • Understanding of security standards and concepts and their practical implications on risk
  • Knowledge of security concepts, principles, procedures, methods, and practices to include intrusion prevention and detection, risk assessment tools, closed circuit television, and access control.
  • Ability to communicate risks and provide guidance for vulnerability remediation
  • Understanding of common regulatory or standards-based control frameworks such as: PCI-DSS, ISO 27001/2, NIST 800-53, etc.
  • Knowledge of OWASP, SANS Top 20 Critical Security Controls and NIST Vulnerability Database (CVE & CCE)
  • Knowledge of networking protocols: TCP/IP, HTTP/HTTPs, FTP, DNS, etc.
  • Knowledge of Windows and Unix Operating Systems
  • Solid understanding of information, host and network security, common intrusion techniques, and risk management concepts
  • Candidate should also demonstrate attention to detail, have the ability to work independently with minimal supervision and adapt to changes in priorities in a fast-paced environment.
  • Ability to work within a multi-disciplined team.
  • Proficiency with MS Office Applications.
  • Excellent verbal and written communication skills.
  • Excellent interpersonal skills to enable building working relationships.
  • Ability to work in a team environment and work collaboratively.
  • Excellent electronic research skills using search tools, databases, and similar sources to support various customer programs and projects.

 

Desired Skills:

  • Experience supporting U.S. Government agencies.
  • Ability to assist others in solving problems and work with them to implement the solution.
  • Ability to use interpersonal skills, along with knowledge of the Agency structure and organization, to identify the proper resources to apply to current problems.
  • Prefer IA Manager (IAM) Level II, as prescribed by DOD 8570.1-M, Information Assurance Improvement Program as demonstrated by having one of the following Certifications:
  • CAP,
  • CASP+ CE
  • CISM
  • CISSP (or Associate)
  • GSLC
  • CCISO
  • 2 years of demonstrated experience related to Authorization and Assessment/Certification and Accreditation processes and documentation including Risk Management Framework (RMF) guidelines, directives and security mandates.
  • 3 years of demonstrated experience related to vulnerability notification/identification processes for IAVA, TCNOs, STIGs, etc.

 

 

Required Education (including Major): Bachelor’s Degree in related field. Two years of relevant work experience may be substituted for each year of degree level education.