Job ID: IN-15606 (97391002)
Security Analyst (SSCP/CISSP/OSCP/GIAC/GPEN/GWAPT) with vulnerability assessment, penetration testing, NIST, US-CERT and OWASP Top 10 experience
Location: Indianapolis IN
Duration: 12 months
Visa: USC/GC (W2 only)
Bachelor’s degree from an accredited institution or equivalent experience.
3+ years’ experience in a vulnerability management role
3+ years’ experience working knowledge of Information Security best practices, policies, standards, and baselines, including industry standards and guidelines from NIST, US-CERT, ,OWASP Top 10, etc.
3+ years’ technical working experience/knowledge of operating systems, databases, web applications, mobile devices, middleware, and other computing devices/software components
Security certifications such as the Systems Security Certified Practitioner (SSCP) Certification, Certified Information Systems Security Professional (CISSP) OSCP, GIAC GPEN, GWAPT or other Penetration Testing certifications considered a plus.
Performs authorized vulnerability assessments, penetration tests, and secure code validation testing using both automated and manual techniques to assess potential security weaknesses within the network infrastructure of the agency. Components to be tested include, but are not limited to, systems, network devices, applications, databases, and web services. Examines results of web/OS/DB/network, and application (static and dynamic) code scanners for potential vulnerabilities, configuration, and compliance issues. Provides reports containing the results of the testing and prioritized recommendations for the remediation of the identified issues.
Identify critical system vulnerabilities (e.g. OWASP Top 10, US-CERT alerts, etc.). Experience in providing technical guidance for timely mitigation strategies for these vulnerabilities based on risk level.
Tactically guide the Vulnerability Management (VM) Plan, to coordinate, monitor and support activities in the areas of the VM program, security patch and remediation management.
Provide input, help prepare and update VM roadmap, develop, maintain, and publish project plans and operation schedules.
Provide status reports to executive management related to VM metrics, key risk indicators, trending, and compliance reports.
Propose VM concepts/solutions.
Create and maintain project plans for the VM program, provide technical knowledge to operations and production support teams.
Maintain configuration control of VM hardware, systems, and application software, coordinate upgrades and other maintenance activities on VM tools.
Analyze assessment results and threat feeds to properly react to security weaknesses or vulnerabilities.
Prepare and maintain technical documentation of VM program including requirements, architecture designs, network topology, applications and application security designs
Collaborate on Information Security policies, standards, and baselines and contribute efforts to measure compliance.
Collaborate on and provide VM results and metrics for consistent reporting for governance purposes; collaborate and coordinate remediation plans and activities
Help develop a long term VM strategy that will address information security needs (current state, gaps and opportunities).