Staff Vulnerability Management Analyst - Federal

About The Position

Requirements

• 5+ years of multifaceted cyber security experience in a technology-centric company.
• 5+ years of experience in building vulnerability scanning solutions within a highly regulated environment such as FedRamp High, IL4, IL5 and/ or IL6.
• Experience with commercial or open-source vulnerability and misconfiguration scanners and reporting tools regarding Infrastructure/ IP based Assets, Containers, CSPM and CNAPP. Examples: Qualys, Tenable, Prisma Cloud, Wiz, Orca, Lacework, Paramify, Atlassian Jira, ServiceNow etc.
• Functional knowledge of vulnerabilities, exploitation and remediation. You should be able to explain vulnerabilities and exploits as well as propose remediations for the most common vulnerabilities.
• Familiarity with industry standards, frameworks and publications such as CVE, CVSS, EPSS, OWASP and CISA KEV catalog.
• Proficiency in scripting and automation with Python. Familiarity with other scripting and automation tools is a plus.
• Experience working with AWS Lambda or similar serverless computing environments for automating vulnerability management scanning and reporting tasks.
• Proficiency in working with AWS services such as S3, DynamoDB, API Gateway, and others.
• You have a deep focus on execution, follow-through, accountability, and results.
• You have a growth mindset; You thrive on challenge, you see learnings and opportunities, not failures.
• You enjoy working with cross-functional teams and have exceptional stakeholder management skills.
• You surround yourself with high energy, thriving teams to achieve quality outcomes.
• Bachelor's degree in Computer Science, Computer Engineering, or equivalent experience.
• This position requires the ability to access federal environments and/or have access to protected federal data. As a condition of employment for this position, the successful candidate must be able to submit documentation establishing U.S. Person status (e.g. a U.S. Citizen, National, Lawful Permanent Resident, Refugee, or Asylee. 22 CFR 120.15) upon hire.

Nice To Haves

• Current or previous Secret, Top Secret (TS) or Top Secret/Sensitive Compartmented Information (TS/SCI) clearance is a plus.
• Familiarity with other scripting and automation tools is a plus.

Responsibilities

• Own the full lifecycle operations of Asset and Vulnerability Management scanning and reporting infrastructure, including designing new cloud based and on-prem deployments as required.
• Assess new and existing scan technologies to determine potential business value.
• Monitor and respond to security inquiries, requests, and incidents, understanding the technical details of the published vulnerabilities as well as their real risk. Effectively communicate the perceived and real vulnerability impact given the infrastructure context.
• Contribute to the definition and execution of internal processes that allow for accelerated remediation of critical vulnerabilities and zero-days.
• Support audit, governance, risk and compliance teams in scanning and reporting on various regulatory compliance and industry best practices including PCI, ISO 27001/27017/27018 , NIST SP 800-53 and SOC 2.
• Assist Okta’s Public Sector compliance team in their preparation and maintenance of POAMs (Plan of Action & Milestones) and Continuous Monitoring (ConMon) processes.
• Track and manage weaknesses or gaps in vulnerability related security controls, outlining tasks, required resources, milestones, and scheduled completion dates to achieve compliance with standards like NIST 800-171 and CMMC.
• Participate in other special projects or strategic initiatives at the direction of the Security team.

Benefits

• health, dental and vision insurance
• 401(k)
• flexible spending account
• paid leave (including PTO and parental leave)