At least 8 years of experience in Cybersecurity, including vulnerability management scanning tools, vulnerability assessments, scripting, vulnerability management scan result analysis, Excel
- Strong knowledge of CVE’s, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations
- Experience with the design, architect and build of vulnerability management scanning infrastructure and tools specifically Rapid7 and Tenable; extensive hands-on experience conducting Rapid7 and Tenable vulnerability scans across various networks; experience conducting Rapid7 and Tenable vulnerability management analysis through reports and dashboards to accurately identify risk
- Experience evaluating security vulnerabilities, assessing risk and impact, developing mitigation strategies, and implementing remediation
- Experience conducting intel research around CVE’s, vendor hardware/software vulnerabilities, and presenting succinct technical overviews to team members and customers
- Extensive experience with scripting such as Python and PowerShell to automate vulnerability management tasks
- Extensive experience with Excel, especially for performing data analysis through VLookup and Pivot Tables
Desired Skills
- Experience with Cybersecurity standards and best practices and how to integrate them
- Provide oral and written reports on vulnerability risk to the team and possibly agencies’ technical stakeholders
- Ability to evaluate the current threat landscape that includes tactics, techniques and procedures
- Strong background with next generation firewall products, intrusion detection systems, DMZ, IPSec, DNS, SMTP, HTTP, VPN, proxies, etc.
- Knowledge of security best practices across multiple platforms, such as Microsoft Windows, VMWare, Linux, VPN, Cisco IOS, and Mobile OS Android/Apple IOS.
- Knowledge of public-key cryptography, understanding of encoding, encryption, and hashing techniques
- Knowledge of security best practices: NIST, CIS, Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, F5, Microsoft, Unix/Linux, etc.
- Ability to analyze Cybersecurity documentation, including security policies, plans, and procedures.
- Extensive experience with Windows and Linux Servers
- Exceptional written and oral communication skills
- Exceptional organizational and analytical skills
- Certifications such as Certified Information Systems Security Professional (CISSP) Certification, Security Essentials Certification (GSEC), Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), Certified Penetration Tester (CWAPT)