Job Details
Experience Needed:
Career Level:
Education Level:
Salary:
Job Categories:
Skills And Tools:
Job Description
Master Linux is recruiting for one of big banks in Egypt an experienced Vulnerability Management Analyst & Security Controls Assessor. This is a hybrid job combining vulnerability management analysis and security controls assessments, which will involve a variety of assessment and analysis duties, including:
Responsibilities:
Perform vulnerability assessment scans on a daily basis against:
- Host-based (various operating systems, virtual, networking components)
- Web Applications (Apache, IIS, Nginx)
- Code Reviews (.NET, Java, Jscript, C++, etc.)
- Perform analysis of scan results to determine applicability on a daily basis.
- Provide remediation guidance to system owners and stakeholders on a daily basis.
- Use expertise to provide mitigation strategies to help remediate vulnerabilities on a daily basis.
- Continually maintain the health of vulnerability scanning tools and ensure they are operating as expected on a daily basis.
- Review scan results from various tools and incorporating those results in the System Assessment Report (SAR).
- Work with vulnerability scanning tool support engineers to identify, troubleshoot, and remediate issues on a daily basis.
- Perform compliance scans against defined HRSA baselines on a weekly basis or as needed.
- Provide process improvement recommendations for day-to-day operations.
- Provide recommendations to system owners and information system security officers (ISSOs) for remediating vulnerabilities.
- Provide support to the Incident Response and Investigation Teams when called upon.
- Provide occasional training of vulnerability management tools to stakeholders.
- Write supporting documentation of vulnerability management processes and procedures.
- Work with the HRSA Risk Management team to determine risks to the system based on vulnerability results and compensating or mitigating controls in place.
- Help manage the risk management (RM) team in reviewing documents from customers and interactions with customers on behalf of the team.
- Perform security control assessments (full and annual assessments) and develop assessment-related documentation (e.g., SAP, SAR, POA&Ms).
- Review POA&M weaknesses prior to closure to ensure remediation.
- Perform tool upgrades, updates, and patches as necessary.
- Develop vulnerability reports and dashboards, in order to provide new insight into existing vulnerabilities.
- Implement various levels of automation among tools in the SOC’s cyber security ecosystem and/or the HRSA IT Infrastructure to improve the effectiveness and efficiency of vulnerability management.
- Conduct baseline configuration compliance scanning and work with system administrators to correct configuration issues to ensure compliance with agency configuration requirements.
Job Requirements
- Minimum of 5 years of experience in both vulnerability management as well as security control assessments
- Experience writing Security Assessment Reports (SARs) for documenting security assessment results
- Experience reviewing scan results from various tools and incorporating results in in the security assessment process.
- Experience providing recommendations to system owners and ISSOs for remediating vulnerabilities.
- Position requires technical knowledge in computer network theory, IT standards and protocols, as well as an understanding of the lifecycle of cyberspace threats, attack vectors, and methods of exploitation.
- Experience with vulnerability assessment and reporting including comprehensive understanding of Vulnerability Management methodologies and procedures.
- Experience implementing, managing or governing security technologies, including vulnerability scanning tools (Nmap, Openssl, Nessus, BigFix, or similar vulnerability scanning tools) is required.
- Operating system concepts - experience with both Windows and Linux environments.
- Static code scanning experience preferred but not required.
- Bachelor's degree in IT or related field