Senior Vulnerability Management Analyst

Ariel Partners•Nyc, NY

20h

About The Position

Objective: To ensure continuous monitoring, auditing, and remediation of security risks affecting DSS infrastructure components being migrated, decommissioned, or integrated within the hybrid environment, maintaining agency security posture during the transition. Scope: Scan and Assess agency assets in all locations and environments that are part of he DC migration project. Execute vulnerability scans for migrating systems, validate risk scores, and recommend remediation for in-scope hardware/software. Develop and maintain dashboards in Rapid7 tailored for tracking migration-phase vulnerabilities. Script and automate vulnerability reporting across all locations and environments. Tasks Breakdown: Perform vulnerability & exposure management scanning on devices. Conduct a comprehensive risk assessment of the current environment to identify and document potential vulnerabilities associated with this migration. Categorize and prioritize data based on its sensitivity to tailor security controls, accordingly, employing methods like encryption for sensitive data both at rest and in transit. Create a detailed inventory of all IT assets slated for migration, including applications, databases, servers, and network devices. Map dependencies between applications and infrastructure components to maintain functionality and minimize security risks during and after the migration. Conduct thorough security audits and vulnerability assessments after the migration to identify and address any newly emerged vulnerabilities in the new environment. Interpret CVE data to prioritize threats in live & staged environments. Document for auditability and incident prevention related to the data migration effort. Script PowerShell tools to automate asset reclassification and reporting.

Requirements

5+ years of hands-on experience with Rapid7 InsightVM, and ability to prioritize vulnerabilities based on exploitability, business impact, and criticality
5+ years of experience setting up remediation projects, running advanced queries, exporting data in Rapid7, and performing analysis in Excel using pivot-tables
5+ years of hands-on experience with IT Service Management software including ServiceNow (creating tickets, searching, updating, attaching files, researching SLA, creating child-parent ticket pairs)
5+ years of strong foundational understanding of general IT concepts, with hands-on familiarity across Windows, Unix, and Linux server environments, core networking principles, virtualization technologies such as VMware, and exposure to enterprise platforms including Oracle and IBM systems

Responsibilities

Perform vulnerability & exposure management scanning on devices.
Conduct a comprehensive risk assessment of the current environment to identify and document potential vulnerabilities associated with this migration.
Categorize and prioritize data based on its sensitivity to tailor security controls, accordingly, employing methods like encryption for sensitive data both at rest and in transit.
Create a detailed inventory of all IT assets slated for migration, including applications, databases, servers, and network devices.
Map dependencies between applications and infrastructure components to maintain functionality and minimize security risks during and after the migration.
Conduct thorough security audits and vulnerability assessments after the migration to identify and address any newly emerged vulnerabilities in the new environment.
Interpret CVE data to prioritize threats in live & staged environments.
Document for auditability and incident prevention related to the data migration effort.
Script PowerShell tools to automate asset reclassification and reporting.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume