Vulnerability Management Specialist

Job Details

Vulnerability Management Specialist will perform the following:

• *Defines, maintains, and enforces application security best practices
  *Conduct vulnerability assessment and manual/automated code reviews
  *Demonstrate vulnerabilities to application owners and provide mitigation recommendations
  *Proficient in any SAST, DAST, and OSA tools.
  *In depth knowledge with any programming language like Java, .NET, C#, etc.
  * Performs and conducts penetration tests and manual/automated code reviews.
  *Writes comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
  *In depth Knowledge of Secure Coding best practices and OWASP top 10, SANS 25, CVE, etc.
  *Identify AppSec related tools/conduct tool analysis, and provide recommendations
• Vulnerability Management Specialist will have at least five years of working knowledge and hands-on experience with five or more of the following tools: BurpSuite, SonarQube, OWASP/Maven, Fortify, Tenable, STIG Viewer, AWS Security Hub, AWS Inspector, ePO, ServiceNow, Jira, ADO, eMASS or equivalent GRC Tools.

Minimum Qualifications

• Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline and a minimum of 5 years of working knowledge and hands-on equivalent relevant experience.
• Candidates must have a Security+ certification or similar
• Candidates must have an active secret security clearance.
• Position requires on-site work in Alexandria VA 2-3 days/week.

Other Job Specific Skills

• Working knowledge and hands-on experience with the following:
  • BurpSuite
  • SonarQube
  • OWASP/Maven
  • Fortify, Tenable
  • STIG Viewer
  • AWS Security Hub
  • AWS Inspector
  • ePO, ServiceNow
  • Jira
  • ADO
  • eMASS or equivalent GRC Tools

#cjpost

Job Requirements:

• Work with engineering to ensure risk management documentation
• Assist with data collection for risk/compliance reporting
• Maintain Transmission segment risk information in company's corporate risk management system
• Support credit training and resolve risk management issues
• Select and recommend appropriate risk management controls
• Deliver training on risk management and use of the enterprise-wide risk analytics system
• Support business and risk reduction initiatives
• Supporting facilitation of risk workshops
• Build risk awareness within the organization and reduce risk and liability
• Direct risk management correspondence to appropriate involved parties
• Create comprehensive travel risk management programs for organizations
• Implement programs for risk management and loss prevention
• Assist with implementation of risk identification procedures to avoid, reduce or minimize risk
• Assist with updating the risk management procedure manual to ensure information
• Document ways to control or reduce risk
• Provide assistance and support for any risk management projects or reviews
• Provide update reports to management along with risk and issue analysis and resolution
• Identify and implement ways to improve and formalize risk-based approach for vendor security risk management
• Explain risk positions, or recommend changes
• Perform the global technology risk assessment