Vulnerability Management Specialist

Washington State

  • Olympia, WA
  • $97,356-130,992 per year
  • Permanent
  • Full-time
  • 13 days ago
DescriptionVulnerability Management Specialist(IT Security-Senior Specialist)WaTech: Join an exciting team!Washington Technology Solutions (WaTech) is a national leader in adopting new, innovative technologies that transform the way Washingtonians receive state services. We provide information technology oversight and central services for Washington state government, all of which makes this an exciting time to join our team of experienced IT professionals. As a part of this agency, you will have a unique opportunity to help advance the latest IT technologies and practices used by state government to meet the needs of Washingtonians.About the positionThe Vulnerability Management Specialist is a member of the Security Operations Center within WaTech's Office of Cybersecurity and reports to the Deputy CISO for Security Operations. The importance of vulnerability management lies in its ability to identify, prioritize and remediate vulnerabilities before they can be exploited. By conducting regular vulnerability assessments, organizations can gain a comprehensive overview of their security posture, and the risks associated with vulnerabilities. Vulnerability management is not a one-time activity, but a continuous and proactive process that requires constant monitoring and updating. A robust vulnerability management program can help organizations stay ahead of evolving cyber threats and protect valuable data.DutiesSome of what to expect in this role:
  • Review threat intelligence data from a variety of feeds and utilize that information to make appropriate risk-based decisions regarding vulnerability management and remediation.
  • Conduct and review vulnerability scans across enterprise applications and infrastructure using various tools and techniques.
  • Conduct risk-based analysis and prioritization for vulnerabilities.
  • Track and report on vulnerability, threat and attack surface findings.
  • Collaborate with Security Operations and Incident Response analysts to ensure appropriate cross-enterprise security operations and visibility.
  • Provide technical support for patching, remediation and attack surface reduction.
  • Evaluate the performance and quality of both existing and potential vendors, including their products or services.
  • Conduct regular audits and reviews of vendors and their processes to identify any risks or opportunities for improvement.
  • Develop and maintain enterprise vulnerability and attack surface management processes.
  • Deliver technical support, administration, and configuration oversight for vulnerability management and attack surface platforms and components by working directly with the tools and providing assistance to WaTech and agency customers.
  • Design, implement, and validate automated patches, remediation and attack surface solutions across the enterprise for new and existing tools.
  • Assist in the development of enterprise vulnerability and attack surface management policies.
  • Coordinate with agencies to assess impacts to agencies related to compliance with policy and process adoption across the enterprise to drive adoption and maximize vulnerability and attack surface reduction activities.
  • Leverage vulnerability metrics to ensure appropriate threat hunting and attack surface reduction are integrated into the full service of security operations capabilities.
QualificationsHere's what we're looking for:
  • Eleven years of IT experience supporting vulnerability management, security analytics, and/or remediation/patch management. *A bachelor's degree in an IT field or related field may substitute on a year-for-year basis for up to four years of required experience.
Required competencies:
  • In depth knowledge of:
  • Cybersecurity principles, standards and best practices.
  • Vulnerability assessment tools and techniques.
  • Threat intelligence sources and methods.
  • Cybersecurity risk management and priority modeling, analysis and planning.
  • Risk Assessment processes, and how they apply to IT infrastructure.
  • Incident Response processes and procedures.
  • Network and system infrastructure and related design.
Preference may be granted to applicants with the following:
  • Two years of experience with vendor management.
  • Two years' experience writing and implementing security procedures across large, diverse organizations.
  • CompTIA SEC+, CISSP, CCSP, GISP, CEH, platform (Cisco, Juniper, Microsoft, etc.) specific or similar industry-standard certification.
  • Thorough knowledge of Security standards and regulations such as ISO 27001/27002, COBIT, NIST 800-53, NIST CSF, ITIL, HIPAA, CJIS, etc.
  • Experience in independently working with and implementing new information technology solutions, unfamiliar architecture, and cutting-edge technology within a service provider and enterprise environment
Supplemental InformationWe value diversity and different perspectives:WaTech is committed to providing equal access and opportunities to all qualified applicants and employees. We seek to attract and retain a diverse staff and welcome your experiences, perspectives and unique identity.What WaTech offers:As an employee of WaTech, you'll have access to an outstanding that includes medical and dental plan options for you and your family, paid leave and holidays, retirement plan options and more.While WaTech is headquartered in Olympia, Washington, which is near some of the country's most , we are able to offer many of our positions telework and flexible schedule options to help support a healthy work-life balance.To learn more about WaTech and what our employees enjoy about working here, please .How to apply:Applications for this recruitment will be accepted electronically. Please select the large “apply” button at the top of this announcement. You may need to create a profile and account in Washington state's automated application system. We invite you to include your name and pronouns in your material to ensure we address you correctly throughout the application process.To be considered for this position you will need to:
  • Submit a complete Online Application.
  • Answer all required Supplemental Questions.
  • Attach a Letter of Interest that addresses how your experience qualifies you for this role.
  • Attach a Resume that clearly documents the work history, training, and education that makes you a viable and competitive candidate for this position.
  • Attach a separate document with at least Three Professional References. This should include: reference name, nature of the relationship (i.e. company and supervisor, coworker, etc.), phone number, and email. References should be individuals you have worked with in the past five years, if possible, and include at least one current, or most recent supervisor. *We will not conduct reference checks without your signed release.
Note: Applications without the requested information identified above or containing supplemental question responses with comments such as "see resume" may lead to your application being disqualified from consideration.Applicants wishing to claim Veterans Preference should attach a copy of their DD-214 (Member 4 copy), NGB 22, or signed verification of service letter from the United States Department of Veterans Affairs to their application. (Please redact any personally identifiable data such as social security number prior to submittal.)Conditions of employment:This position requires a background check. Information from the background check will not necessarily preclude employment but will be considered in determining the applicant's suitability and competence to perform in the position and is a continued condition of employment.Recruitment process:First round of application assessments will be conducted seven days after the initial job posting date. The hiring authority reserves the right to offer the position at any time after the initial seven-day job posting date during the recruitment process. It is to the applicant's advantage to apply as early as possible. This recruitment may be used to fill multiple positions.Contact us: For inquiries about this position, please contact Rebekah Wilkes at (360) 407-8646 or email toPersons requiring accommodation in the application process or for an alternative format may contact Human Resources at (360) 407-8242 or .Persons of disability or those who are deaf or hard of hearing can call the Washington Relay Service by dialing 7-1-1 or 1-800-833-6388. WaTech complies with the employment eligibility verification requirements of the federal Form I-9. The selected candidate must be able to provide proof of identity and eligibility to work in the United States consistent with the requirements of that form on the first day of employment.

Washington State