Technical Vulnerability Management Analyst, Public Sector

Google•New York, NY

21h

About The Position

As a Security Consultant, you will be responsible for helping clients effectively prepare for, proactively mitigate, and detect and respond to cyber security threats. Security Consultants have an understanding of computer science, operating system functionality and networking, cloud services, corporate network environments and how to apply this knowledge to cyber security threats. As a Security Consultant, you could work on engagements including assisting clients in navigating technically complex and high-profile incidents, performing forensic analysis, threat hunting, and malware triage. You may also test client networks, applications and devices by emulating the latest techniques to help them defend against threats, and will be the technical advocate for information security requirements and provide an in-depth understanding of the information security domain. You will also articulate and present complex concepts to business stakeholders, executive leadership, and technical contributors and successfully lead complex engagements alongside cross functional teams. In this role, you will support the vulnerability management program for a large municipality and help them manage the threats posed by software and infrastructure vulnerabilities, including Cloud, with a focus on risk for prioritization of remediation. You will research, analyze and brief management and team members on relevant common vulnerabilities and exposures (CVE’s), common vulnerability scoring system (CVSS) ratings, vector strings, national vulnerability database (NVD), Mitre, attack vectors and mitigations for various technologies. Technical familiarity with vulnerability management and application security testing tools will be required to help design, architect and build scanning infrastructure and tools i.e., manage, configure and conduct scans across various systems and networks. Google Public Sector brings the magic of Google to the mission of government and education with solutions purpose-built for enterprises. We focus on helping United States public sector institutions accelerate their digital transformations, and we continue to make significant investments and grow our team to meet the complex needs of local, state and federal government and educational institutions.

Requirements

Bachelor's degree in Computer Science, Information Systems, Cybersecurity or related technical field or equivalent practical experience.
5 years of experience assessing and developing cybersecurity solutions across multiple security domains.
5 years of experience in delivering cyber outcomes, identifying mission risks, and devising solutions.
Experience in Cloud security and vulnerability assessments.

Nice To Haves

Experience in Cloud technologies and native applications such as containers, functions, Kubernetes, and app services.
Experience in implementing industry-leading practices around cyber risks and cloud security for clients’ cloud security frameworks using industry standards.
Experience with evaluating infrastructure and web application security vulnerabilities, assessing risk and impact, developing mitigation strategies, and implementing remediation.
Experience with vulnerability management security assessment tools (e.g., Nessus, Rapid7, Qualys) and methodologies.
Experience with cloud governance, including cloud-native application protection platforms (CNAPP) and ability to convey governance principles to cloud computing in terms of policies.

Responsibilities

Conduct analysis to assess vulnerability impact and risk through industry research, and generate reports in scanning tools.
Present technical briefings and written vulnerability reports to team members and agency stakeholders including intel research, risk assessment, CVE’s, vendor hardware/software, open web application security project (OWASP) and industry trends.
Apply cyber security standards and best practices to develop remediation plans for technical and web application vulnerabilities.
Work with agencies to advocate the vulnerability program around areas of cybersecurity posture, program enhancement, risk reduction, vulnerability management scanning tool performance, scan results, credentialed scans, triage scan performance issues, socialize risk and remediation, and other vulnerability management issues.