Javen Technologies
Vulnerability Management - StateRAMP/FedRAMP - Remote
Javen Technologies, Maplewood, Minnesota, United States
Position Overview:
We are seeking a detail-oriented and proactive technical individual to support vulnerability monitoring and remediation efforts across Solventum Catalyst environments in StateRAMP, FedRAMP, and Commercial accounts. This role is critical to maintaining our security posture and ensuring compliance with StateRAMP, FedRAMP, SOC-2 and our internal Solventum ATO (Authority To Operate) process. The contractor will work closely with the Catalyst Site Reliability Engineering team to identify, assess, and remediate vulnerabilities using a variety of tools. The ideal candidate will have hands-on experience with Linux-based operating systems, AWS services and vulnerability management tools.
Position Duties:
- Monitor vulnerabilities using JIRA and vulnerability management tools such as, but not limited to, Qualys VMDR/WAS/PC, Insight Cloud Sec, CheckMarx, Nexus IQ
  - May be necessary to manually run reports to verify remediation efforts were successful
- Ensure compute replacement and patching processes are working as expected; monitor and remediate any issues with:
  - Automated Lambda assigning latest AMI IDs
  - Automated Auto-Scaling Group EC2 replacement via scheduled scaling or instance refresh
  - Automated Patch Management for long-running non-ephemeral instances
  - Review reports for failures; identify and remediate issues
  - Review AWS maintenance window for failure details; resolve/test/commit changes as needed
  - Manually update AWS EKS AMI assignment and nodegroup replacement; will automate process in the future
- Assist with software deployments and upgrades. These may include, but are not limited to:
  - Solventum application upgrades
  - Unmanaged third-party application upgrades
  - Managed AWS service (RDS, MSK, etc.) upgrades
- Remediate vulnerabilities within SLA (Service Level Agreement) guidelines
  - Manually remediate vulnerabilities that aren't addressed with automated processes above
  - Delegate Qualys WAS (DAST), CheckMarx (SAST) and Nexus IQ (SCA) vulnerabilities to development teams in a timely manner
- Gather evidence to document compliance with certification programs like StateRAMP, FedRAMP, SOC-2 and Solventum's ATO (Authority To Operate)
Skills:
Basic Qualifications:
- Bachelor's Degree in Computer Science or similar; otherwise 6+ years of IT experience
- Technical Experience
  - Proficiency in AWS services: EC2, EKS, ASG, Lambda, RDS, MSK
  - Linux operating system administration and package management
- Security & Compliance Knowledge
  - Understanding of vulnerability remediation workflows
  - Familiarity with compliance frameworks: StateRAMP, FedRAMP, SOC-2
  - Ability to interpret and act on vulnerability reports
Preferred Qualifications:
- Hands-on experience with vulnerability management tools like Qualys VMDR, WAS, PC; CheckMarx; Nexus IQ; Insight Cloud Sec
- Currently or previously held FedRAMP clearance or the ability to pass a background check to work in a FedRAMP environment
Soft Skills:
- Team Collaboration
  - Strong team player with the ability to work cross-functionally with DevOps, Security, and Development teams.
  - Willingness to share knowledge and support others in troubleshooting and remediation efforts.
- Communication
  - Excellent written and verbal communication skills.
  - Ability to clearly document findings, remediation steps, and compliance evidence.
- Problem Solving
  - Analytical mindset with a proactive approach to identifying and resolving issues.
  - Comfortable working independently and managing multiple priorities under tight deadlines.
Core Hours:
8 hours per day, Monday - Friday; occasionally may be needed to work after business hours to complete upgrades or patches.
Education:
Bachelor's Degree in Computer Science or similar; otherwise 6+ years of IT experience