Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Jobs InfoSec Jobs

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This listing has expired and therefore is not publicly viewable.

Vulnerability Management Analyst (ITS 2 (IS))
Company NYS Office of Information Technology Services
Location Albany, NY
Preferred GIAC Certifications GSEC
Travel 0%
Salary $56,604 - $71,980
Contact Name Anonymous
Contact Email HR.Recruitment.its/at/
Expires 2021-08-23

Job Description

Under the direction of senior team members within the Chief Information Security Office/Governance, Risk, & Compliance/Vulnerability Management section, this position will be a member of the Vulnerability Management team that provides vulnerability scanning services for ITS Portfolios, their client agencies, and other New York State entities government entities. The incumbent will perform platform maintenance on scanning platforms, web server, and database server. The incumbent will also develop, interpret, and deliver vulnerability scan reports, and assist with the development of process automation within the section.

The position requires communicating orally and in writing with various individuals including management, users, vendors, and other IT staff. The incumbent will have to work with ITS teams and upper-level agency management to help them understand the vulnerability data and provide input on corrective actions.

The position requires availability during off-shift hours to ensure appropriate response to security incidents or other critical activities that may impact sensitive information, critical systems, NYS agencies, ITS, or other NYS government entities.

Specific duties include, but are not limited to:
• Maintain vulnerability scanning tools including tool configuration, scan configuration, and report generation.
• Oversee the scheduling of scans in coordination with owners and custodians to ensure minimal impact to operational activities.
• Ensure appropriate owners and custodians are receiving scan reports and results.
• On behalf of owners and custodians, interpret scan results and determine appropriate remediation steps in coordination with other members of Risk Management and Integrated Security Services.
• Use SQL to obtain relevant data in the creation of reports.
• Use python and command line (batch) coding skills to help automate routine and special operational tasks.
• Assist with incident response activities including initiating mitigation and tracking of vulnerabilities
• Monitors and stays aware of information security industry trends, tools, and techniques.
• Performs additional duties as required.

Minimum Qualifications:

Bachelor’s degree* with at least 15 credit hours in cyber security, information assurance, or information technology.

*Substitution: Bachelor's degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of general information technology experience to qualify. Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis; an associate's degree requires an additional two years of general information technology experience.

Preferred Qualifications:

• Bachelor's Degree with a concentration or major in Information Security, Cyber Security, Digital Forensics, Information Assurance, or a related field.

• Certificate in Information Security Fundamentals (e.g., Security+, GSEC, CISF, GISF)

• 1+ years’ experience in technical writing

• Possess a working knowledge of:

o Information Security (CIA triad, Information Classification, Risk Management, Incident Response, Vulnerability Management, Security Architecture & Engineering).
o Computer programming and scripting.
o Database maintenance.
o Computer networks, intrusion detection systems, routers, firewalls, operating systems, network vulnerability assessments, web application vulnerability assessments, computer programming and scripting.