Cyber Command Vulnerability Management Specialist Location: Brooklyn, NY/Hybrid Duration: 2 Years SCOPE OF SERVICES The Cyber Command Threat Management division within Client requires a Vulnerability Management Specialist to serve as a subject matter expert in vulnerability management. Responsibilities Research, analyze, and brief management and team members on relevant risks, CVEs, CVSS scores, Vector Strings, NVD, Mitre, attack vectors, and mitigations for various technologies. Design, architect, and build vulnerability management scanning infrastructure and tools using Rapid7. Manage, configure, and conduct vulnerability scans across various networks using Rapid7. Analyze vulnerability management data through industry research, detailed analysis, and generate reports and dashboards to assess and prioritize risks. Evaluate security vulnerabilities, assess risks and impacts, develop mitigation strategies, and implement remediation plans. Present technical briefings on threat intelligence, risk assessments, CVEs, vendor hardware/software vulnerabilities, and industry trends to team members and stakeholders. Create automation scripts using Python, PowerShell, and other tools to streamline vulnerability management tasks. Automate detection, reporting, and tracking of vulnerabilities. Develop detailed reports and analyses utilizing Rapid7 dashboards, scripts, Excel, and PowerPoint. Travel within NYC as needed for project requirements. Mandatory Skills and Experience Minimum 8 years of experience in Cybersecurity, including vulnerability management, scanning tools, assessments, attack surface management, scripting, and vulnerability analysis. Strong knowledge of CVEs, CVSS, Vector Strings, NVD, Mitre, attack vectors, and mitigations. Hands-on experience designing and building vulnerability management infrastructure, especially with Rapid7; conducting scans and analyzing results. Experience evaluating vulnerabilities, assessing risks, and developing mitigation strategies. Proven ability to conduct intelligence research on CVEs and vendor vulnerabilities, and present technical overviews. Extensive scripting experience with Python and PowerShell for automation. Proficiency with Excel, including data analysis techniques like VLookup and PivotTables. Desirable Skills and Experience Experience reporting on vulnerability risks to technical stakeholders and agencies. Ability to evaluate current threat landscapes, including tactics, techniques, and procedures. Experience promoting cybersecurity best practices and risk reduction strategies within agencies. Experience with Tableau for reporting and analysis. Knowledge of security products such as next-generation firewalls, IDS, DMZ, IPSec, DNS, SMTP, HTTP, VPNs, proxies. Understanding of security standards like NIST, CIS, Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, F5, Microsoft, Unix/Linux. Knowledge of cryptography, encryption, hashing techniques. Ability to analyze cybersecurity documentation, including policies and procedures. Extensive experience with Windows and Linux servers. Excellent written and oral communication skills. Strong organizational and analytical skills. Relevant certifications such as CISSP, GSEC, GCIA, GCIH, CEH, CWAPT. #J-18808-Ljbffr
Molaprise