What are the responsibilities and job description for the Web Application Vulnerability Services Specialist position at VA Information Tech Agency?
Title: Web Application Vulnerability Services Specialist
State Role Title: Info Technology Specialist III
Hiring Range: $80,000 - $100,000
Pay Band: 6
Agency: VA Information Tech Agency
Location: VA Information Technologies
Agency Website: www.vita.virginia.gov
Recruitment Type: General Public - G
Job Duties
The Virginia IT Agency (VITA) is currently seeking a Web Application Vulnerability Services Specialist within its Threat Intel and Vulnerability Management Team.
This position supports the team’s main mission to scan all Commonwealth executive branch web applications and websites for vulnerabilities.
Duties include assisting agencies in the remediation of discovered vulnerabilities, working technical proof-of-concepts to assist in detection engineering, providing feedback for remediating at scale in the enterprise, and working with APIs to automate processes.
At VITA, we are driven by our mission to deliver sustainable and effective results through innovative, efficient, and secure services. Our vision is to be Virginia's most customer-focused technology partner, dedicated to empowering the Commonwealth by connecting, protecting, and innovating.
Be a part of our transformative journey. Apply now and contribute to shaping the future of technology in Virginia!
Minimum Qualifications
Experience with web application vulnerability scanning, identification, and remediation.
Experience evaluating web application security controls and presenting findings in verbal and written reports.
Experience in one or more of the following: software development lifecycle; system administration (Windows and Linux); administration of web servers (IIS, Apache, Nginx, etc.); automation with scripting languages such as PowerShell, Python, Bash, etc.
Experience manipulating web traffic with proxy software (BURP, OWASP ZAP, etc.)
Experience with Web App scanning software (Qualys, Acunetix, Greenbone, Rapid7, NMAP etc.)
Experience with Tenable Nessus.
Understanding of LAN/WAN connectivity and TCP/IP protocol architecture.
Working knowledge of network protocols: ICMP, DNS, SMB, LDAP, HTTP(S), SSH.
Applicant must be a US Citizen
Additional Considerations
Working knowledge of SSO Authentication protocols: SAML, OAuth, OIDC.
Must be able to work in a fast-paced environment and acquire new skills/knowledge to meet customer needs.
Excellent communication and presentation skills required.
Experience handling APIs with Python.
Experience with Docker.
Experience performing vulnerability management.
Experience with cloud-based platforms (AWS, AZURE, OCI).
Security certification (GIAC, ISC2, ISACA, CompTIA, EC-Council, etc.)
Penetration testing certification (OSCP, GWEB, GWAPT, Pen Test, GXPN, CPT, CEPT).
Cloud-based certifications (AWS-CCP, MS Azure Fundamentals, Cloud Security Alliance CSSK, ISC2 CSSP).
Special Instructions
You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.
This position is eligible for one (1) day telework.
Applicants must consent to a fingerprint background check.
This position is eligible for a Security Clearance with DHS (Department of Homeland Security) and the selected candidate must be a U.S. Citizen to obtain a clearance.
State applications and/or resumes will only be accepted as submitted online by 11:55 p.m. on the closing date through the state applicant tracking system. We will not accept applications, resumes, cover letters, etc. in any other format. Please refer to “Your Application” in your PageUp account to check the status of your application for this position. The decision to interview an applicant is based on the information provided in the application and/or resume.
Reasonable accommodations are available to persons with disabilities during the application and/or interview processes per the Americans with Disabilities Act.
VITA is a “Virginia Values Veterans” (V3) official certified state agency that provides hiring preference to Veterans and Members of the Virginia National Guard in support of Executive Order 29 (2010). If you are a Veteran or Virginia National Guard Member, we encourage you to apply and receive preference in the hiring process. AmeriCorps, Peace Corps and other national service alumni are also encouraged to apply.
Contact Information
Name: VITA Human Resources
Email: VITAhr@vita.virginia.gov
In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at 800-552-5019.
Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022 - February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.
Each agency within the Commonwealth of Virginia is dedicated to recruiting, supporting, and maintaining a competent and diverse work force. Equal Opportunity Employer
Salary: $80,000 - $100,000