Jr. Vulnerability and Patch Management Specialist

About The Position

Requirements

• Minimum of one (1) year of experience in a cybersecurity role.
• Experience in a government or regulated environment.
• Strong analytical skills and the ability to communicate technical information effectively.
• Proven ability to work collaboratively in a team environment.

Nice To Haves

• A cybersecurity certification such as COMPTIA Security+ or equivalent preferred.
• Experience following and interpreting Federal (Department of Energy preferred) and NERC directives, regulations, and standards.

Responsibilities

• Act as part of a cross-organizational Vulnerability and Patch Management team, coordinating cyber incident response across Transmission Operational Technology.
• Provide technical support during cyber-events related to vulnerabilities as part of an incident response team.
• Perform technical risk and vulnerability assessments of relevant technology focus areas, including local computing environments, network and infrastructure, supporting infrastructure, and applications.
• Interact continuously with business units to discover, triage, and resolve security vulnerabilities using manual and automated tools as part of a Secure Development Life Cycle.
• Analyze vulnerabilities to characterize threats and provide remediation recommendations.
• Conduct vulnerability assessments, including evaluating specific configurations of network devices, operating systems, and network-enabled software applications on both Windows and Linux platforms.
• Responsible for the discovery, identification, and evaluation of security-related patches.
• Develop and maintain a source list that tracks the release of cybersecurity patches.
• Coordinate with System Owners, Resource Managers, and System Security Officers to ensure system patching is occurring and vulnerabilities are being mitigated.
• Plan and coordinate the installation of new products, security patches, and upgrades.
• Identify and mitigate security vulnerabilities and risks through vendor-identified configuration changes and maintain server integrity and availability.
• Develop patch mitigation plans and coordinate with Resource Managers and System Owners to ensure resolution is completed by agreed-upon dates.
• Manage the server operating system patching procedure and security hardening.
• Evaluate and review patches before and after installation.
• Develop procedures for responding to new threats to systems' confidentiality, integrity, and availability.
• Oversee the implementation of new procedures for responding to system threats and interpret procedures in response to questions from systems administrators.
• Provide subject matter expertise for applying security-related patches, hotfixes, and updates, or applying compensating measures for BES Cyber System or BES Cyber Assets mitigation plans.
• Provide subject matter expertise for determining and communicating to management when it is in the best interest of reliability to not install a patch and document the mitigation for the vulnerability.
• Investigate, evaluate, and select tools and methods for improving software development security testing throughout the life cycle to prevent the introduction of vulnerabilities.
• Develop best practices guides for use by other application software specialists.

Benefits

• Growth: AI-powered career tool that identifies career steps and learning opportunities
• Support: An internal mobility team focused on helping you achieve your career goals
• Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
• Community: Award-winning culture of innovation and a military-friendly workplace.