Vulnerability Management - Technology Assessment - Associate
- Reston, VA, USA
- Employees can work remotely
At this company, futures are made. The inspiring work we do makes an affordable home a reality and a difference in the lives of Americans. Every day offers compelling opportunities to modernize the nation's housing finance system while being part of an inclusive team using new, emerging technologies. Here, you will help lead our industry forward, enhance your technical expertise, and make your career.Job Description
As a valued colleague on our team, you will assist in assessing systems and networks, and identifying deviations from acceptable configurations.THE IMPACT YOU WILL MAKE
The Vulnerability Management - Technology Assessment - Associate role will offer you the flexibility to make each day your own, while working alongside people who care so that you can deliver on the following responsibilities:
Qualifications THE EXPERIENCE YOU BRING TO THE TEAM
- Conduct platform or operating system vulnerability assessments for on-prem or Cloud assets.
- Investigate ownership of technologies associated with vulnerabilities for remediation.
- Track and manage vulnerabilities and secure configuration baseline findings from notification through to closure.
- Create and generate customized vulnerability and secure configuration baseline reports and dashboards as needed.
- Conduct secure configuration baseline scans such as based on Center of Internet Security (CIS) benchmarks for various technologies. Customize or create source scan files for vulnerability and secure configuration baseline scans.
- Streamline and/or automate existing processes as applicable.
Education Level Required
- Bachelor’s degree or Equivalent Education Level Preferred
Area of Study Preferred
- Computer Science or IT/IS Certifications Required (if any)
- Industry certifications (e.g. Security+, CISSP) (preferred but not required)
- Cloud certifications (e.g. AWS Certified Cloud Practitioner) (preferred but not required)
- Experience performing security assessments in a corporate environment and have an awareness of public or private cloud infrastructure
- Experience managing the security vulnerability lifecycle from detection through notification and closure whether through the determination of false positive, risk acceptance, or remediation.
- Experience in assessing mitigating controls if timely remediation is not feasible.
- Experience in analyzing false positives and validating the effectiveness of patches applied.
- Experience utilizing vulnerability management tools
- Experience conducting secure configuration baseline scanning using at least Center of Internet Security (CIS) in a corporate environment
- Experience using APIs (bonus if it is with a scanning tool)
- Good understanding/use of a diverse range of technologies (such as operating system, third-party software, middleware, databases, network devices, databases etc.).
- Some exposure to scripting and automation
- Intermediate to strong knowledge of Windows as well as *NIX operating systems.
- Intermediate to strong knowledge of Regex
- Excellent time management skills.
- Ability to work in a team environment
- Strong interpersonal, oral, and written communication skills
- Decision-making and problem-solving skills including the ability to clearly define and resolve issues
- Ability to work effectively and organize priorities independently
- Good organizational skills
- High-level critical thinking and detail analysis needed to perform duties related to projects, compliance, metrics, assurance, vulnerabilities, secure configuration findings or threats.
- Excellent analytical and problem-solving skills
- Exemplary personal and professional integrity
- Any vulnerability scanning tool such as Tenable.sc (formerly Security Center), Nessus, Tenable.io, BeyondTrust, Qualys Guard, Inspector, PrismaCloud/Twistlock, etc.
- Microsoft Excel – at least intermediate level with the use of macros and comfortable using different formulae
- Jira Software