Jr. Vulnerability Assessment Analyst

About DMI

DMI (Digital Management, LLC.) is a global technology solutions company that specializes in digital strategy, design, transformation and support. Utilizing expertise from six unique DMI Groups, in the areas of AI & Analytics, Commerce, Experience, Managed Services, Transformation, and Government, DMI delivers intelligent digital transformation solutions that meet organizations where they are. Born digital, DMI has been delivering mission-critical, enterprise grade solutions since 2002 for over a hundred Fortune 1000 enterprises and all fifteen U.S. Federal Departments. DMI has grown to 2,000 employees globally and has been continually recognized by top industry analysts as market leader as well as a Top Place to Work by the Washington Post. DMInc.com | Careers | Twitter | LinkedIn | Facebook

About the Opportunity

DMI (Digital Management, LLC.) is looking for a Jr. Vulnerability Assessment Analyst with project lead experience and hands-on engineering experience. The Vulnerability Assessment Analyst will be responsible for the planning, implementation, maintenance, and support of the vulnerability management program at for a State-Level Department of IT, Security Assessment Function.

Duties and Responsibilities:

• Daily oversight of vulnerability management program
• Serve as liaison between Security Assessment and Security Operation Center (SOC) functions on matters pertaining to vulnerability scanning for security assessment efforts
• Plan, execute, monitor and control, and successfully close vulnerability management projects/tasks
• Configure and schedule patch and secure configurations audit scan jobs (vulnerability scans)
• Maintain configurations of patch and secure configurations scan jobs i.e., asset lists, scan plugins, STIGs audit files, CIS Benchmarks audit files, scan credentials
• Troubleshoot and resolve failed patch and secure configurations scan jobs i.e., missing credentials, asset list updates, firewall issues
• Analyze patch and secure configurations audit scan results and identify and document technical and procedural vulnerability findings
• Research resolution strategies/measures for identified vulnerability findings and provide remediation/mitigation recommendations
• Identify false positive findings and determine and advise on the criteria for validating the findings i.e., required artifacts
• Prepare vulnerability management reports on the status of patch and secure configuration audit scans and associated remediation efforts
• Communicate status vulnerability management efforts to include regular scheduled reports and as well as ad hoc reports
• Ensure the vulnerability management platform maintains updated versions of secure configurations scans audit files i.e., proprietary vendor audit files, STIGs audit files, CIS Benchmarks audit files
• Ensure that vulnerability management services are operating as expected i.e., completeness of the of each scope scan jobs, timely completion of scan jobs, up-to-date patch audit plugins
• Ensure proper functioning of integrations between the vulnerability management platform and other tools such as asset management and risk management platforms
• Ensure and data updates from vulnerability management platforms to asset management and risk management platform are running as scheduled
• Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
• Development and implementation operational and technical vulnerability management policies
• Defining, developing, implementing, and processes and procedures for to support and maintain vulnerability management program

Qualifications

Education and Years of Experience:

• At least five (5) years of experience with NIST Risk Management Framework (RMF) supporting technical assessment (vulnerability scans) of control implementations and continuous monitoring post-system Authority to Operate (ATO)
• At least three (3) years of hands-on experience in LAN Administration i.e., Hands-on administration of Windows OS and Linux OS, and hands-on basics administration of routers, switches, and firewalls.
• At least ftwo (2) years of hands-on experience with Tenable Security Center/ Nessus Scanners i.e., creating, maintaining, and running scan jobs and analyzing scan results
• At least two (2) years of hands-on experience executing, monitoring and controlling, and closing security assessment projects
• Associates or bachelor's degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering or related scientific or technical discipline.
• Ability to work outside of regular business hours, the role may require on-call support after regular business hours or weekends.

Required Skills/Certifications:

• At least 1 security management industry certifications such as Sec , CySA , etc.
• Self-starter, able to gather requirements, plan, execute system deployment efforts.
• Able to perform conduct vulnerability assessment of technical security controls, identify and validate findings, research resolutions, and provide remediation/mitigation recommendations.
• LAN administration experience, particularly with Windows OS and Linux OS.
• Experience with the vulnerability management tools such as Tenable Security Center/Nessus Scanners, Web Inspect, DB Protect etc.
• Experience with Governance, Risk, and Compliance (GRC) platforms such as RSA Archer, ServiceNow GRC, CSAM
• Customer-oriented with excellent issue follow-through and resolution abilities.
• Excellent written and oral communication, and presentation skills.
• Ability to effectively work both autonomously as well as on a team.
• Outstanding interpersonal skills, strong work ethic, and self-motivated.
• Utilize tools and analytical skills to plan and execute technical changes.
• Relevant industry certification.

Desired Skills/Certifications:

• Experience with the vulnerability management tools such as Tenable Security Center/Nessus Scanners, Web Inspect, DB Protect etc.
• Experience with ServiceNow Governance, Risk, and Compliance (GRC) platforms
• Experience with Window, Linux, Database, and Web Apps system administration.
• Experience in project task technical analysis, planning, and estimation.
• Experience with technology capabilities market research, technical analysis/review, and recommendation.
• Other relevant industry certifications such as Security , CAP, CEH etc.

Location: Remote (Must live in a commutable distance to Crownsville, MD)

Min. Citizenship Status Required: U.S Citizenship

Physical Requirements: N/A

Working at DMI

DMI is a diverse, prosperous and rewarding place to work. Being part of the DMI family means we care about your wellbeing. As such, we offer a variety of perks and benefits that help meet various interests and needs, while still having the opportunity to work directly with a number of our award winning, Fortune 1000 clients. The following categories make up your DMI wellbeing:

• Community - Blood drives, volunteering opportunities, Holiday parties, summer picnics, Tech Chef, Octoberfest just to name a few ways DMI comes together as a community.
• Convenience/Concierge - Virtual visits through health insurance, pet insurance, commuter benefits, discount tickets for movies, travel and many other items to provide convenience.
• Development - Annual performance management, continuing education and tuition assistance, internal job opportunities along with career enrichment and advancement to help each employee with their professional and personal development.
• Financial - Generous 401k match for both pre-tax and post-tax (ROTH) contributions along with financial wellness education, EAP, Life Insurance and Disability help provide financial stability for each DMI employee.
• Recognition - Great achievements do not go unnoticed by DMI through Annual Awards ceremony, service anniversaries, peer-to-peer acknowledgement through Give-A-Wow, employee referral bonuses.
• Wellness - Healthcare benefits, Wellness programs, Flu Shots, Biometric screenings, on-site lactation rooms provide employees with several wellness options.

Employees are valued for their talents and contributions. We all take pride in helping our customers achieve their goals, which in turn contributes to the overall success of the company.

The company does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans, and to treat qualified individuals without discrimination on the basis of their physical or mental disability or veteran status. DMI is an Equal Opportunity Employer Minority/Female/Veterans/Disability. DMI maintains a drug-free workplace.

***************** No Agencies Please *****************

Applicants selected may be subject to a government security investigation and must meet eligibility requirements for access to classified information. ship may be required for some positions.

#LI-CA1

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.