111 Vulnerability Management jobs in Jersey City

SCOPE OF SERVICES The Cyber Command Threat Management division within our client requires a Vulnerability Management Specialist to serve as a subject matter expert for vulnerability management:
Tasks

• Research, analyze and brief management and team members on relevant Risk, CVE's, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations for various technologies
• Design, architect and build Rapid7 vulnerability management scanning infrastructure and tools
• Manage, configure and conduct Vulnerability Management scans in Rapid7 across various networks
• Conduct vulnerability management analysis through industry research, deep analysis, generating of reports and dashboards in Rapid7 to accurately assess and prioritize risk
• Evaluate security vulnerabilities, assess risk and impact, develop mitigation strategies, and implement remediation
• Present succinct technical briefings to team members and customers for Client research, risk assessment, CVE's, vendor hardware/software, industry trends
• Create scripts utilizing Python, PowerShell and others to automate vulnerability management tasks
• The ability to automate detection, reporting and tracking of vulnerabilities identified
• Create deep analysis and reports around vulnerability management utilizing Rapid7 dashboards and reports, scripts, Excel and PowerPoint
• Travel within NYC for various projects when necessary

MANDATORY SKILLS/EXPERIENCE
Note: Candidates who do not have the mandatory skills will not be considered

• At least 8 years of experience in Cybersecurity, including vulnerability management scanning tools, vulnerability assessments, attack surface management, scripting, vulnerability Client analysis, vulnerability management scan result analysis, Excel
• Strong knowledge of CVE's, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations
• Experience with the design, architect and build of vulnerability management scanning infrastructure and tools specifically Rapid7; extensive hands-on experience conducting Rapid7 vulnerability scans across various networks; experience conducting Rapid7 vulnerability management analysis through reports and dashboards to accurately identify risk
• Experience evaluating security vulnerabilities, assessing risk and impact, developing mitigation strategies, and implementing remediation
• Experience conducting Client research around CVE's, vendor hardware/software vulnerabilities, and presenting succinct technical overviews to team members and customers
• Extensive experience with scripting such as Python and PowerShell to automate vulnerability management tasks
• Extensive experience with Excel, especially for performing data analysis through VLookup and Pivot Tables

DESIRABLE SKILLS/EXPERIENCE:

• Provide oral and written reports on vulnerability risk to the team and possibly agencies' technical stakeholders
• Ability to evaluate the current threat landscape that includes tactics, techniques and procedures
• Work with agencies to evangelize the Cyber Command program around areas of cybersecurity posture enhancement, risk reduction, attack surface management, vulnerability management scanning tool performance, scan results, credentialed scans, triage scan performance issues, socialize risk and remediation, and other vulnerability management issues
• Experience using Tableau for reporting and analysis purposes

• Strong background with next generation firewall products, intrusion detection systems, DMZ, IPSec, DNS, SMTP, HTTP, VPN, proxies, etc.
• Knowledge of security best practices across multiple platforms, such as Microsoft Windows, VMWare, Linux, VPN, Cisco IOS, and Mobile OS Android/Apple IOS.
• Knowledge of public-key cryptography, understanding of encoding, encryption, and hashing techniques
• Knowledge of security best practices: NIST, CIS, Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, F5, Microsoft, Unix/Linux, etc.
• Ability to analyze Cybersecurity documentation, including security policies, plans, and procedures.
• Extensive experience with Windows and Linux Servers
• Exceptional written and oral communication skills
• Exceptional organizational and analytical skills
• Certifications such as Certified Information Systems Security Professional (CISSP) Certification, Security Essentials Certification (GSEC), Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), Certified Penetration Tester (CWAPT)

Company Description

Job Description

OPEN TO OTI EMPLOYEES ONLY

The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit oti.nyc.gov to learn more.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

About New York City Cyber Command
The New York City Office of Technology and Innovation (OTI) Cyber Command is committed to protecting City systems and technology infrastructure that provide and enable vital services to New Yorkers from cyber threats, and helping residents become safer in their digital lives.

As the organization defending the largest municipality in the country, OTI Cyber Command is charged with directing citywide incident response, setting citywide cybersecurity policies and standards and working with city agencies to strengthen their cyber defenses.

Mission Statement
"To lead and execute an innovative, intelligence-driven, risk-informed cyber defense and response strategy -- with the support of key partners and allies -- that enables the city government to properly function and provide services to New Yorkers.

Vision Statement
"New York City the most cyber-resilient city in the world"

Job Description
Cyber Command's Vulnerability Management (VM) program defines, promotes, assures, and measures the security of connected infrastructure so vital to the City of New York that their incapacitation or destruction would have a debilitating effect on security, economic security, or public health or safety. The Vulnerability Management Specialist will work with NYC agencies that provide public safety and emergency response services to New Yorkers, private sector technology services providers, and teams within OTI to ensure the security and resiliency of systems that support these critical services. The Vulnerability Management Specialist will perform assessments of systems and networks within the network environment or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. The Vulnerability Management Specialist will measure effectiveness of defense-in-depth architecture against known vulnerabilities.

Responsibilities will include:
-Assist in the analysis and remediation of findings discovered during scheduled internal and third-party vulnerability scans and penetration tests;
-Review and triage vulnerability alerts into manageable reports for the Vulnerability Management team to review and action;
-Provide relevant analysis, suggest mitigations, track remediation, manage scheduled scans, identify gaps and expand scan coverage, and escalate as appropriate;
-Conduct cybersecurity risk assessments;
-Conduct vulnerability research for the purpose of threat exposure management and attack surface reduction;
-Develop security documentation and SOP's;
-Perform on-site activities, including implementing cybersecurity solutions or performing security assessment activities, including technical configuration reviews;
-Develop scripts for automation
-Handle special projects and initiatives as assigned.

HOURS/SHIFT
Day - Due to the necessary technical support duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings

WORK LOCATION
Brooklyn, NY

TO APPLY- OPEN TO OTI EMPLOYEES ONLY

Only permanent employees in the title and those that are reachable on the civil service list are eligible to apply.

* Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration

Please go to and search for Job ID#716029

SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW
APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL

NOTE: This position is open to qualified persons with a disability who are eligible for the 55-a Program.
Please indicate in your cover letter that you would like to be considered for the position under the 55-a program.

OTI participates in E-Verify

CYBER SECURITY ANALYST - 13633

Qualifications

1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or

2. A four-year high school diploma or its equivalent approved by a State's department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in "1" above; or

3. Education and/or experience equivalent to "1" or "2", above. College education may be substituted for up to two years of the required experience in "2" above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

SCOPE OF SERVICES The Cyber Command Threat Management division within OTI requires a Vulnerability Management Specialist to serve as a subject matter expert for vulnerability management:
Tasks

• Research, analyze and brief management and team members on relevant Risk, CVE's, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations for various technologies
• Design, architect and build Rapid7 vulnerability management scanning infrastructure and tools
• Manage, configure and conduct Vulnerability Management scans in Rapid7 across various networks
• Conduct vulnerability management analysis through industry research, deep analysis, generating of reports and dashboards in Rapid7 to accurately assess and prioritize risk
• Evaluate security vulnerabilities, assess risk and impact, develop mitigation strategies, and implement remediation
• Present succinct technical briefings to team members and customers for Client research, risk assessment, CVE's, vendor hardware/software, industry trends
• Create scripts utilizing Python, PowerShell and others to automate vulnerability management tasks
• The ability to automate detection, reporting and tracking of vulnerabilities identified
• Create deep analysis and reports around vulnerability management utilizing Rapid7 dashboards and reports, scripts, Excel and PowerPoint
• Travel within NYC for various projects when necessary

MANDATORY SKILLS/EXPERIENCE
Note: Candidates who do not have the mandatory skills will not be considered

• t least 8 years of experience in Cybersecurity, including vulnerability management scanning tools, vulnerability assessments, attack surface management, scripting, vulnerability Client analysis, vulnerability management scan result analysis, Excel
• Strong knowledge of CVE's, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations
• Experience with the design, architect and build of vulnerability management scanning infrastructure and tools specifically Rapid7; extensive hands-on experience conducting Rapid7 vulnerability scans across various networks; experience conducting Rapid7 vulnerability management analysis through reports and dashboards to accurately identify risk
• Experience evaluating security vulnerabilities, assessing risk and impact, developing mitigation strategies, and implementing remediation
• Experience conducting Client research around CVE's, vendor hardware/software vulnerabilities, and presenting succinct technical overviews to team members and customers
• Extensive experience with scripting such as Python and PowerShell to automate vulnerability management tasks
• Extensive experience with Excel, especially for performing data analysis through VLookup and Pivot Tables

DESIRABLE SKILLS/EXPERIENCE:

• Provide oral and written reports on vulnerability risk to the team and possibly agencies' technical stakeholders
• bility to evaluate the current threat landscape that includes tactics, techniques and procedures
• Work with agencies to evangelize the Cyber Command program around areas of cybersecurity posture enhancement, risk reduction, attack surface management, vulnerability management scanning tool performance, scan results, credentialed scans, triage scan performance issues, socialize risk and remediation, and other vulnerability management issues
• Experience using Tableau for reporting and analysis purposes

• Strong background with next generation firewall products, intrusion detection systems, DMZ, IPSec, DNS, SMTP, HTTP, VPN, proxies, etc.
• Knowledge of security best practices across multiple platforms, such as Microsoft Windows, VMWare, Linux, VPN, Cisco IOS, and Mobile OS Android/Apple IOS.
• Knowledge of public-key cryptography, understanding of encoding, encryption, and hashing techniques
• Knowledge of security best practices: NIST, CIS, Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, F5, Microsoft, Unix/Linux, etc.
• bility to analyze Cybersecurity documentation, including security policies, plans, and procedures.
• Extensive experience with Windows and Linux Servers
• Exceptional written and oral communication skills
• Exceptional organizational and analytical skills
• Certifications such as Certified Information Systems Security Professional (CISSP) Certification, Security Essentials Certification (GSEC), Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), Certified Penetration Tester (CWAPT)

UNIVERSAL Technologies is seeking a Cybersecurity Vulnerability Management Specialist for a long-term engagement supporting cyber threat management initiatives. This is a Hybrid role – must be able to work on-site 3 days a week in Brooklyn, NY. The selected candidate will serve as a subject matter expert in vulnerability management, specifically using Rapid7, and will be responsible for identifying, analyzing, and mitigating vulnerabilities across enterprise environments. This is a technical, hands-on role requiring at least 8 years of Cybersecurity experience, scripting abilities, and experience automating vulnerability tasks.

WHO WE ARE:

UNIVERSAL Technologies, LLC is a Women-Owned (M/WBE) IT solutions and consulting company focused on delivering enterprise systems that significantly improve our clients' IT performance. We work across the IT spectrum including Development, Business/Systems/Data Analysis, Project Management, Cyber Security, Network Engineering, and High-Level System Architecture.

We empower skilled professionals to make a meaningful impact through mission-driven projects that shape how public services are delivered.

WHAT WE OFFER:

Our W2 employees can expect the following benefits:

• Competitive pay

• Health/Dental Insurance

• Group Life Insurance

• 401K

• HSA/FSA

• Pre-Tax Transportation Program

• Generous Paid Time Off/Holiday Policy

MANDATORY SKILLS/EXPERIENCE:

Candidates who do not meet the following requirements will not be considered.

• Minimum 8 years of experience in Cybersecurity, including vulnerability management scanning tools, vulnerability assessments, attack surface management, and vulnerability intel analysis

• Expertise in CVE’s, CVSS, Vector Strings, NVD, Mitre, attack vectors, and mitigation strategies

• Strong hands-on experience designing, architecting, and building Rapid7 vulnerability management scanning infrastructure and tools

• Proven experience conducting and configuring Rapid7 vulnerability scans across various networks

• Experience analyzing Rapid7 scan results using dashboards and reports to prioritize risk

• Skilled in evaluating vulnerabilities, assessing risk and impact, developing mitigation strategies, and implementing remediation

• Experience performing technical briefings on CVE research, vendor vulnerabilities, and threat assessments

• Proficiency in scripting using Python and PowerShell to automate vulnerability management tasks

• Strong Excel skills, including VLOOKUP and Pivot Tables for data analysis

• Ability to deliver written and oral reports on vulnerability risks to internal teams and agency stakeholders

• Familiarity with evaluating current threat landscapes including tactics, techniques, and procedures

• Experience advising agencies on cybersecurity posture, risk reduction, and scan performance issues

• Experience using Tableau for reporting and analysis

• Background in networking and cybersecurity technologies such as firewalls, IDS/IPS, DMZ, VPN, DNS, and proxies

• Working knowledge of security best practices across Microsoft Windows, Linux, VMware, Cisco IOS, Android/iOS

• Understanding of public-key cryptography, encryption, encoding, and hashing methods

• Familiarity with security frameworks and best practices (e.g., NIST, CIS, Palo Alto, Fortinet, Microsoft, Unix/Linux)

• Ability to interpret cybersecurity documentation including security policies and procedures

• Hands-on experience with Windows and Linux server environments

• Strong written and verbal communication skills

• Highly organized with exceptional analytical capabilities

• Relevant certifications such as CISSP, GSEC, GCIA, GCIH, CEH, CWAPT

SCOPE OF SERVICES:

• Serve as subject matter expert for vulnerability management across enterprise systems

• Research, analyze, and brief stakeholders on CVEs, attack vectors, and industry mitigations

• Design, build, and manage Rapid7 scanning infrastructure and tools

• Configure and conduct vulnerability scans across multiple networks

• Analyze scan results and generate dashboards to assess and prioritize risk

• Develop remediation strategies and oversee implementation

• Present technical briefings on risk, vendor vulnerabilities, and threat trends

• Create scripts (Python, PowerShell) to automate vulnerability detection, tracking, and reporting

• Develop comprehensive reports using Rapid7, Excel, PowerPoint, and custom scripting

• Travel within NYC as needed to support various cybersecurity initiatives

UNIVERSAL Technologies is an Equal Opportunity Employer.

Job Title: Cyber Command Vulnerability Management Specialist

Location: Brooklyn, NY 11201 (Hybrid)

Labor Category: Specialist 2

Job Type: Contract

Duration: 2 Years

Work schedule: Hybrid: 3 days per week in office (Normal business hours Monday-Friday 35 hours/week)

Pay Rate: $70 per hour

Job Description / Justification:

The resource will contribute to OTI Cyber Command’s ability to issue timely vulnerability notifications and prioritized system patching info. Without timely vulnerability notification and patching, the City cannot effectively adjust its defensive controls and reduce its attack surface resulting in the increased likelihood of cyber events that may require costly remediation efforts.

The threat to the City’s attack surface has only continued to grow due to a 40% increase of vulnerabilities in the technology used across the City agencies. These vulnerabilities are leveraged by attackers to commit malicious events such as information theft and ransomware

SCOPE OF SERVICES

The Cyber Command Threat Management division within OTI requires a Vulnerability Management Specialist to serve as a subject matter expert for vulnerability management:

Tasks

? Research, analyze and brief management and team members on relevant Risk, CVE’s, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations for various technologies

? Design, architect and build Rapid7 vulnerability management scanning infrastructure and tools

? Manage, configure and conduct Vulnerability Management scans in Rapid7 across various networks

? Conduct vulnerability management analysis through industry research, deep analysis, generating of reports and dashboards in Rapid7 to accurately assess and prioritize risk

? Evaluate security vulnerabilities, assess risk and impact, develop mitigation strategies, and implement remediation

? Present succinct technical briefings to team members and customers for intel research, risk assessment, CVE’s, vendor hardware/software, industry trends

? Create scripts utilizing Python, PowerShell and others to automate vulnerability management tasks

? The ability to automate detection, reporting and tracking of vulnerabilities identified

? Create deep analysis and reports around vulnerability management utilizing Rapid7 dashboards and reports, scripts, Excel and PowerPoint

? Travel within NYC for various projects when necessary

MANDATORY SKILLS/EXPERIENCE

Note: Candidates who do not have the mandatory skills will not be considered

• At least 8 years of experience in Cybersecurity, including vulnerability management scanning tools, vulnerability assessments, attack surface management, scripting, vulnerability intel analysis, vulnerability management scan result analysis, Excel
• Strong knowledge of CVE’s, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations
• Experience with the design, architect and build of vulnerability management scanning infrastructure and tools specifically Rapid7; extensive hands-on experience conducting Rapid7 vulnerability scans across various networks; experience conducting Rapid7 vulnerability management analysis through reports and dashboards to accurately identify risk
• Experience evaluating security vulnerabilities, assessing risk and impact, developing mitigation strategies, and implementing remediation
• Experience conducting intel research around CVE’s, vendor hardware/software vulnerabilities, and presenting succinct technical overviews to team members and customers
• Extensive experience with scripting such as Python and PowerShell to automate vulnerability management tasks

• Extensive experience with Excel, especially for performing data analysis through VLookup and Pivot Tables

DESIRABLE SKILLS/EXPERIENCE:

• Provide oral and written reports on vulnerability risk to the team and possibly agencies’ technical stakeholders
• Ability to evaluate the current threat landscape that includes tactics, techniques and procedures
• Work with agencies to evangelize the OTI Cyber Command program around areas of cybersecurity posture enhancement, risk reduction, attack surface management, vulnerability management scanning tool performance, scan results, credentialed scans, triage scan performance issues, socialize risk and remediation, and other vulnerability management issues
• Experience using Tableau for reporting and analysis purposes
• Strong background with next generation firewall products, intrusion detection systems, DMZ, IPSec, DNS, SMTP, HTTP, VPN, proxies, etc.
• Knowledge of security best practices across multiple platforms, such as Microsoft Windows, VMWare, Linux, VPN, Cisco IOS, and Mobile OS Android/Apple IOS.
• Knowledge of public-key cryptography, understanding of encoding, encryption, and hashing techniques
• Knowledge of security best practices: NIST, CIS, Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, F5, Microsoft, Unix/Linux, etc.
• Ability to analyze Cybersecurity documentation, including security policies, plans, and procedures.
• Extensive experience with Windows and Linux Servers
• Exceptional written and oral communication skills
• Exceptional organizational and analytical skills
• Certifications such as Certified Information Systems Security Professional (CISSP) Certification, Security Essentials Certification (GSEC), Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), Certified Penetration Tester (CWAPT)

Cyber Command Vulnerability Management Specialist

Location: Brooklyn, NY/Hybrid

Duration: 2 Years

SCOPE OF SERVICES

The Cyber Command Threat Management division within Client requires a Vulnerability Management Specialist to serve as a subject matter expert for vulnerability management:

Tasks

Research, analyze and brief management and team members on relevant Risk, CVE’s, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations for various technologies

Design, architect and build Rapid7 vulnerability management scanning infrastructure and tools

Manage, configure and conduct Vulnerability Management scans in Rapid7 across various networks

Conduct vulnerability management analysis through industry research, deep analysis, generating of reports and dashboards in Rapid7 to accurately assess and prioritize risk

Evaluate security vulnerabilities, assess risk and impact, develop mitigation strategies, and implement remediation

Present succinct technical briefings to team members and customers for intel research, risk assessment, CVE’s, vendor hardware/software, industry trends

Create scripts utilizing Python, PowerShell and others to automate vulnerability management tasks

The ability to automate detection, reporting and tracking of vulnerabilities identified

Create deep analysis and reports around vulnerability management utilizing Rapid7 dashboards and reports, scripts, Excel and PowerPoint

Travel within NYC for various projects when necessary

MANDATORY SKILLS/EXPERIENCE

Note: Candidates who do not have the mandatory skills will not be considered

At least 8 years of experience in Cybersecurity, including vulnerability management scanning tools, vulnerability assessments, attack surface management, scripting, vulnerability intel analysis,vulnerability management scan result analysis, Excel

Strong knowledge of CVE’s, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations

Experience with the design, architect and build of vulnerability management scanning infrastructure and tools specifically Rapid7; extensive hands-on experience conducting Rapid7 vulnerability scans across various networks; experience conducting Rapid7 vulnerability management analysis through reports and dashboards to accurately identify risk

Experience evaluating security vulnerabilities, assessing risk and impact, developing mitigation strategies, and implementing remediation

Experience conducting intel research around CVE’s, vendor hardware/software vulnerabilities, and presenting succinct technical overviews to team members and customers

Extensive experience with scripting such as Python and PowerShell to automate vulnerability management tasks

Extensive experience with Excel, especially for performing data analysis through VLookup and Pivot Tables

DESIRABLE SKILLS/EXPERIENCE:

Provide oral and written reports on vulnerability risk to the team and possibly agencies’ technical stakeholders

Ability to evaluate the current threat landscape that includes tactics, techniques and procedures

Work with agencies to evangelize the ClientCyber Command program around areas of cybersecurity posture enhancement, risk reduction, attack surface management, vulnerability management scanning tool performance, scan results, credentialed scans, triage scan performance issues, socialize risk and remediation, and other vulnerability management issues

Experience using Tableau for reporting and analysis purposes

Strong background with next generation firewall products, intrusion detection systems, DMZ, IPSec, DNS, SMTP, HTTP, VPN, proxies, etc.

Knowledge of security best practices across multiple platforms, such as Microsoft Windows, VMWare, Linux, VPN, Cisco IOS, and Mobile OS Android/Apple IOS.

Knowledge of public-key cryptography, understanding of encoding, encryption, and hashing techniques

Knowledge of security best practices: NIST, CIS, Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, F5, Microsoft, Unix/Linux, etc.

Ability to analyze Cybersecurity documentation, including security policies, plans, and procedures.

Extensive experience with Windows and Linux Servers

Exceptional written and oral communication skills

Exceptional organizational and analytical skills

Certifications such as Certified Information Systems Security Professional (CISSP) Certification, Security Essentials Certification (GSEC), Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), Certified Penetration Tester (CWAPT)

10+ Years

Title: Cyber Command Vulnerability Management Specialist
Client: New York City Office of Technology and Innovation
Location: Brooklyn, NY (Hybrid) 3 days per week in office
Duration: 24 Months
Working Hours: 35 Hours per Week
Rate: $60/hr on C2C

Description:

• Research, analyze and brief management and team members on relevant Risk, CVE's, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations for various technologies

• Design, architect and build Rapid7 vulnerability management scanning infrastructure and tools

• Manage, configure and conduct Vulnerability Management scans in Rapid7 across various networks

• Conduct vulnerability management analysis through industry research, deep analysis, generating of reports and dashboards in Rapid7 to accurately assess and prioritize risk

• Evaluate security vulnerabilities, assess risk and impact, develop mitigation strategies, and implement remediation

• Present succinct technical briefings to team members and customers for Client research, risk assessment, CVE's, vendor hardware/software, industry trends

• Create scripts utilizing Python, PowerShell and others to automate vulnerability management tasks

• The ability to automate detection, reporting and tracking of vulnerabilities identified

• Create deep analysis and reports around vulnerability management utilizing Rapid7 dashboards and reports, scripts, Excel and PowerPoint

• Travel within NYC for various projects when necessary

Requirements:

• At least 8 years of experience in Cybersecurity, including vulnerability management scanning tools, vulnerability assessments, attack surface management, scripting, vulnerability Client analysis, vulnerability management scan result analysis, Excel

• Strong knowledge of CVE's, CVSS, Vector Strings, NVD, Mitre , attack vectors and mitigations

• Experience with the design, architect and build of vulnerability management scanning infrastructure and tools specifically Rapid7; extensive hands-on experience conducting Rapid7 vulnerability scans across various networks; experience conducting Rapid7 vulnerability management analysis through reports and dashboards to accurately identify risk

• Experience evaluating security vulnerabilities, assessing risk and impact, developing mitigation strategies, and implementing remediation

• Experience conducting Client research around CVE's, vendor hardware/software vulnerabilities, and presenting succinct technical overviews to team members and customers

• Extensive experience with scripting such as Python and PowerShell to automate vulnerability management tasks

• Extensive experience with Excel, especially for performing data analysis through VLookup and Pivot Tables

Title: Cyber Command Vulnerability Management Specialist
Location: Brooklyn, NY 11201
Duration: 2 years

Job Description:

The resource will contribute to Cyber Command's ability to issue timely vulnerability notifications and prioritized system patching info.
Without timely vulnerability notification and patching, the City cannot effectively adjust its defensive controls and reduce it's attack surface resulting in the increased likelihood of cyber events that may require costly remediation efforts.
The threat to the attack surface has only continued to grow due to a 40% increase of vulnerabilities in the technology used across the agencies.
These vulnerabilities are leveraged by attackers to commit malicious events such as information theft and ransomware.

Scope of Services:

The client requires a Vulnerability Management Specialist to serve as a subject matter expert for vulnerability management

• Research, analyze and brief management and team members on relevant Risk, CVE's, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations for various technologies
• Design, architect and build Rapid7 vulnerability management scanning infrastructure and tools
• Manage, configure and conduct Vulnerability Management scans in Rapid7 across various networks
• Conduct vulnerability management analysis through industry research, deep analysis, generating of reports and dashboards in Rapid7 to accurately assess and prioritize risk
• Evaluate security vulnerabilities, assess risk and impact, develop mitigation strategies, and implement remediation
• Present succinct technical briefings to team members and customers for Client research, risk assessment, CVE's, vendor hardware/software, industry trends
• Create scripts utilizing Python, PowerShell and others to automate vulnerability management tasks
• The ability to automate detection, reporting and tracking of vulnerabilities identified
• Create deep analysis and reports around vulnerability management utilizing Rapid7 dashboards and reports, scripts, Excel and PowerPoint
• Travel within NYC for various projects when necessary

MANDATORY SKILLS/EXPERIENCE
Note: Candidates who do not have the mandatory skills will not be considered

• t least 8 years of experience in Cybersecurity, including vulnerability management scanning tools, vulnerability assessments, attack surface management, scripting, vulnerability Client analysis, vulnerability management scan result analysis, Excel
• Strong knowledge of CVE's, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations
• Experience with the design, architect and build of vulnerability management scanning infrastructure and tools specifically Rapid7; extensive hands-on experience conducting Rapid7 vulnerability scans across various networks; experience conducting Rapid7 vulnerability management analysis through reports and dashboards to accurately identify risk
• Experience evaluating security vulnerabilities, assessing risk and impact, developing mitigation strategies, and implementing remediation
• Experience conducting Client research around CVE's, vendor hardware/software vulnerabilities, and presenting succinct technical overviews to team members and customers
• Extensive experience with scripting such as Python and PowerShell to automate vulnerability management tasks
• Extensive experience with Excel, especially for performing data analysis through VLookup and Pivot Tables

• Provide oral and written reports on vulnerability risk to the team and possibly agencies' technical stakeholders
• bility to evaluate the current threat landscape that includes tactics, techniques and procedures
• Work with agencies to evangelize the OTI Cyber Command program around areas of cybersecurity posture enhancement, risk reduction, attack surface management, vulnerability management scanning tool performance, scan results, credentialed scans, triage scan performance issues, socialize risk and remediation, and other vulnerability management issues
• Experience using Tableau for reporting and analysis purposes
• Strong background with next generation firewall products, intrusion detection systems, DMZ, IPSec, DNS, SMTP, HTTP, VPN, proxies, etc.
• Knowledge of security best practices across multiple platforms, such as Microsoft Windows, VMWare, Linux, VPN, Cisco IOS, and Mobile OS Android/Apple IOS.
• Knowledge of public-key cryptography, understanding of encoding, encryption, and hashing techniques
• Knowledge of security best practices: NIST, CIS, Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, F5, Microsoft, Unix/Linux, etc.
• bility to analyze Cybersecurity documentation, including security policies, plans, and procedures.
• Extensive experience with Windows and Linux Servers
• Exceptional written and oral communication skills
• Exceptional organizational and analytical skills
• Certifications such as Certified Information Systems Security Professional (CISSP) Certification, Security Essentials Certification (GSEC), Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), Certified Penetration Tester (CWAPT)

Role: Cyber Command Vulnerability Management Specialist
Location: Brooklyn, NY (Hybrid)
Duration: 24+ Month
Type: Contract

Note: Hybrid: 3 days per week in office at 11 MetroTech Center, 5 th Floor, Brooklyn, NY 11201 / 2 days per week remote

Job Description:

• Research, analyze and brief management and team members on relevant Risk, CVE's, CVSS, Vector
• Strings, NVD, Mitre, attack vectors and mitigations for various technologies
• Design, architect and build Rapid7 vulnerability management scanning infrastructure and tools
• Manage, configure and conduct Vulnerability Management scans in Rapid7 across various networks
• Conduct vulnerability management analysis through industry research, deep analysis, generating of reports and dashboards in Rapid7 to accurately assess and prioritize risk
• Evaluate security vulnerabilities, assess risk and impact, develop mitigation strategies, and implement remediation
• Present succinct technical briefings to team members and customers for Client research, risk assessment, CVE's, vendor hardware/software, industry trends
• Create scripts utilizing Python, PowerShell and others to automate vulnerability management tasks
• The ability to automate detection, reporting and tracking of vulnerabilities identified
• Create deep analysis and reports around vulnerability management utilizing Rapid7 dashboards and reports, scripts, Excel and PowerPoint
• Travel within NYC for various projects when necessary

MANDATORY SKILLS/EXPERIENCE:

• t least 8 years of experience in Cybersecurity, including vulnerability management scanning tools, vulnerability assessments, attack surface management, scripting, vulnerability Client analysis, vulnerability management scan result analysis, Excel
• Strong knowledge of CVE's, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations
• Experience with the design, architect and build of vulnerability management scanning infrastructure and tools specifically Rapid7; extensive hands-on experience conducting Rapid7 vulnerability scans across various networks; experience conducting Rapid7 vulnerability management analysis through reports and dashboards to accurately identify risk
• Experience evaluating security vulnerabilities, assessing risk and impact, developing mitigation strategies, and implementing remediation
• Experience conducting Client research around CVE's, vendor hardware/software vulnerabilities, and presenting succinct technical overviews to team members and customers
• Extensive experience with scripting such as Python and PowerShell to automate vulnerability management tasks
• Extensive experience with Excel, especially for performing data analysis through VLookup and Pivot Tables

DESIRABLE SKILLS:

• Provide oral and written reports on vulnerability risk to the team and possibly agencies' technical stakeholders
• bility to evaluate the current threat landscape that includes tactics, techniques and procedures
• Work with agencies to evangelize the OTI Cyber Command program around areas of Cybersecurity posture enhancement, risk reduction, attack surface management, vulnerability management scanning tool performance, scan results, credentialed scans, triage scan performance issues, socialize risk and remediation, and other vulnerability management issues
• Experience using Tableau for reporting and analysis purposes
• Strong background with next generation firewall products, intrusion detection systems, DMZ, IPSec,
• DNS, SMTP, HTTP, VPN, proxies, etc.
• Knowledge of security best practices across multiple platforms, such as Microsoft Windows, VMWare,
• Linux, VPN, Cisco IOS, and Mobile OS Android/Apple IOS.
• Knowledge of public-key cryptography, understanding of encoding, encryption, and hashing techniques
• Knowledge of security best practices: NIST, CIS, Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, F5,
• Microsoft, Unix/Linux, etc.
• bility to analyze Cybersecurity documentation, including security policies, plans, and procedures.
• Extensive experience with Windows and Linux Servers
• Exceptional written and oral communication skills
• Exceptional organizational and analytical skills
• Certifications such as Certified Information Systems Security Professional (CISSP) Certification, Security
• Essentials Certification (GSEC), Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH),
• Certified Ethical Hacker (CEH), Certified Penetration Tester (CWAPT)