Senior Vulnerability and Patch Management Specialist

GD Information Technology-posted 10 days ago
Full-time • Mid Level
Onsite • Portland, OR
5,001-10,000 employees
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

We are seeking a highly skilled and experienced Senior Vulnerability and Patch Management Specialist to join our team. The successful candidate will have a minimum of 5 years of experience in cybersecurity, a CISSP certification, and a strong background in government or regulated environments. The ideal candidate will be responsible for coordinating cyber incident response, performing technical risk and vulnerability assessments, and ensuring the secure development and maintenance of our technology infrastructure. MEANINGFUL WORK AND PERSONAL IMPAC Act as part of a cross-organizational Vulnerability and Patch Management team, coordinating cyber incident response across Transmission Operational Technology. Provide technical support during cyber-events related to vulnerabilities as part of an incident response team. Perform technical risk and vulnerability assessments of relevant technology focus areas, including local computing environments, network and infrastructure, supporting infrastructure, and applications. Interact continuously with business units to discover, triage, and resolve security vulnerabilities using manual and automated tools as part of a Secure Development Life Cycle. Analyze vulnerabilities to characterize threats and provide remediation recommendations. Conduct vulnerability assessments, including evaluating specific configurations of network devices, operating systems, and network-enabled software applications on both Windows and Linux platforms. Responsible for the discovery, identification, and evaluation of security-related patches. Develop and maintain a source list that tracks the release of cybersecurity patches. Coordinate with System Owners, Resource Managers, and System Security Officers to ensure system patching is occurring and vulnerabilities are being mitigated. Plan and coordinate the installation of new products, security patches, and upgrades. Identify and mitigate security vulnerabilities and risks through vendor-identified configuration changes and maintain server integrity and availability. Develop patch mitigation plans and coordinate with Resource Managers and System Owners to ensure resolution is completed by agreed-upon dates. Manage the server operating system patching procedure and security hardening. Evaluate and review patches before and after installation. Develop procedures for responding to new threats to systems' confidentiality, integrity, and availability. Oversee the implementation of new procedures for responding to system threats and interpret procedures in response to questions from systems administrators. Provide subject matter expertise for applying security-related patches, hotfixes, and updates, or applying compensating measures for BES Cyber System or BES Cyber Assets mitigation plans. Provide subject matter expertise for determining and communicating to management when it is in the best interest of reliability to not install a patch and document the mitigation for the vulnerability. Investigate, evaluate, and select tools and methods for improving software development security testing throughout the life cycle to prevent the introduction of vulnerabilities. Develop best practices guides for use by other application software specialists.

  • Act as part of a cross-organizational Vulnerability and Patch Management team, coordinating cyber incident response across Transmission Operational Technology.
  • Provide technical support during cyber-events related to vulnerabilities as part of an incident response team.
  • Perform technical risk and vulnerability assessments of relevant technology focus areas, including local computing environments, network and infrastructure, supporting infrastructure, and applications.
  • Interact continuously with business units to discover, triage, and resolve security vulnerabilities using manual and automated tools as part of a Secure Development Life Cycle.
  • Analyze vulnerabilities to characterize threats and provide remediation recommendations.
  • Conduct vulnerability assessments, including evaluating specific configurations of network devices, operating systems, and network-enabled software applications on both Windows and Linux platforms.
  • Responsible for the discovery, identification, and evaluation of security-related patches.
  • Develop and maintain a source list that tracks the release of cybersecurity patches.
  • Coordinate with System Owners, Resource Managers, and System Security Officers to ensure system patching is occurring and vulnerabilities are being mitigated.
  • Plan and coordinate the installation of new products, security patches, and upgrades.
  • Identify and mitigate security vulnerabilities and risks through vendor-identified configuration changes and maintain server integrity and availability.
  • Develop patch mitigation plans and coordinate with Resource Managers and System Owners to ensure resolution is completed by agreed-upon dates.
  • Manage the server operating system patching procedure and security hardening.
  • Evaluate and review patches before and after installation.
  • Develop procedures for responding to new threats to systems' confidentiality, integrity, and availability.
  • Oversee the implementation of new procedures for responding to system threats and interpret procedures in response to questions from systems administrators.
  • Provide subject matter expertise for applying security-related patches, hotfixes, and updates, or applying compensating measures for BES Cyber System or BES Cyber Assets mitigation plans.
  • Provide subject matter expertise for determining and communicating to management when it is in the best interest of reliability to not install a patch and document the mitigation for the vulnerability.
  • Investigate, evaluate, and select tools and methods for improving software development security testing throughout the life cycle to prevent the introduction of vulnerabilities.
  • Develop best practices guides for use by other application software specialists.
  • Minimum of 5 years of experience in a cybersecurity role.
  • CISSP certification required.
  • Experience following and interpreting Federal (Department of Energy preferred) and NERC directives, regulations, and standards.
  • Experience in a government or regulated environment.
  • Strong analytical skills and the ability to communicate technical information effectively.
  • Proven ability to work collaboratively in a team environment.
  • Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
  • To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
  • To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.
  • We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.
Track Jobs with Teal

Job Search Resources

Resume Builder
Resume Examples
Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service