Analyst, IT Vulnerability Management - Fort Worth, United States - Saxon Global

    Saxon Global
    Saxon Global Fort Worth, United States

    1 week ago

    Default job background
    Description
    Engineer, IT Vulnerability Management


    Location:
    Fort Worth, TX


    Setting:
    Hybrid - 2 days onsite, 3 days remote


    Pay rate:
    $55 - $60/hr on C2C


    Description:


    Specifically, you'll do the following:

    • Performs discovery scanning via the Vulnerability Management Platform (scheduled and ad-hoc)
    • Provides gap analysis to compare the list of known resources so gaps can be investigated and owners identified
    • Identifies resource types (e.g. router, desktop computer, server, network switch, firewall, etc.), operating systems, and whether active services are "Enterprise" level
    • Tracks via remediation management system and provides a wiki-style format to capture recommendation, analysis and facts, and links to other research
    • Populates data visualization tool (such as Tableau, Brinqa, and Hygieia) for reporting vulnerability metrics by system and owner
    • Researches vulnerabilities to determine attack vectors and possible vulnerable targets and launches specific scans and reports for that vulnerability in VM scanning tool(s).
    • Coordinates with business, IT teams, and Technology Risk Management (TRM) to remediate compliance findings in a timely manner while addressing risk reduction objectives
    • Defines, manages, and measures security configuration baselines in line with internal policies/standards and CIS benchmarks
    • Defines and manages cloud specific technical security policies (CSA security guidance)

    Qualifications

    Required Qualifications


    • Bachelor's degree in Computer Science, Computer Engineering, Technology, Information Systems (CIS/MIS), Engineering or related technical discipline, or equivalent experience/training
    • 3 years of hands-on technical security engineering experience

    Certifications:
    CISSP, CISM, CISA, CEH, GCIH, GSEC, GCFA, GREM, CCENT


    • Ability to install, configure, troubleshoot, and administer VM Platform(s). (Ex.
    Tanium, Tenable, Coverity, Brinqa, etc.)


    • Experience with Tanium programming or creating custom configurations within Tanium
    • Experience with dynamic and static code analysis experience (e.g. QualysWAS, SAST tools, Tenable)
    • Experience with security configuration checklists (e.g. CIS Benchmarks and CSA security guidance)
    • Familiarity with NIST Special Publications (e.g ,800-53, CSF)
    • Familiarity with PCI DSS Compliance standards and scanning practices
    • Ability to code and script Python, SQL, BASH, or PowerShell
    • Ability to configure and use technical assessment tools such as Tanium Comply and Tenable Nessus
    • Deep understanding of the technical architecture of IT systems built using Windows, UNIX, Linux, Solaris, VMware, Citrix, Oracle, and MySQL platforms
    • Experience and knowledge in cloud and Kubernetes environments. (Azure Kubernetes Service, IBM Kubernetes service, Oracle Cloud Infrastructure, etc.)
    • Experience in DevOps Toolchain methodologies, including Continuous Integration and Continuous Deployment

    Preferred Qualifications

    • 5+ years of hands-on technical security engineering experience
    • Ability to explain technical concepts and adjust messaging based on the audience, including non-technical groups; strong
    • presentation and technical documentation skills
    • Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills
    • Ability to work well within a team environment, as well as independently
    Comment

    This will be onsite 40% in Dallas.