Vulnerability Management Consultant
Ref No.: 18-31331
Location: Owings Mills, Maryland
Start Date: 05/07/2018
Job Summary –
  • Hands-on experience with Tenable Security Center.
  • The candidate should have experience creating and running scans, analyzing the results, and creating and maintaining asset groups.
  • An understanding of penetration testing techniques, tools, and validation of results.
  • The candidate will not be expected to perform penetration testing, but should be able to explain how a given vulnerability might be exploited by an attacker.
  • Experience performing vulnerability assessments and remediation, and creating or modifying security policies and procedures. The candidate should be able to recommend remediation or mitigation strategies based on scan findings.
Job Responsibilities –
  • In-depth understanding of multiple areas of Information Security, such as networking (TCP/IP, network protocols), operating system fundamentals (Windows, UNIX, mainframe), and security technologies (firewalls, switches, routers, IPSEC, IDS/IPS, etc.). The candidate should be able to discuss how a vulnerability might be mitigated through different security controls.
  • Experience working with Information Security tools in a large, complex, multi-platform environment.
  • Experience with web application testing is a plus, but not required.
Minimum Qualifications –
  • Information Security requires a resource with expert knowledge and a proven track record in vulnerability assessments, scanning, and patch management, with the ability to develop enterprise programs from the ground up.
  • Key requirements are knowledge of Windows Server, Desktop, and AIX/UNIX systems and patching protocols that will be used to develop SOPs and policy frameworks to secure these environments.
  • The goal of the effort is to identify and remediate or address security vulnerabilities by implementing security frameworks (NIST, DISA STIGs, and CIS benchmarks) as a measurement against security baselines, and by implementing patch management processes that ensure security configurations are current and complete, with vulnerability scans run on a periodic basis to evaluate compliance.