back Back to Jobs

Sr. Engineer - IT Vulnerability Management

Location: Fort Worth, TX
Job # 11823064
Date Posted: 01-10-2019
This job is a member of the Technology Team, within the Information Technology Division. This role provides support to the Information Security (IS) Vulnerability Management team. Additionally, this role provides strong enterprise experience towards running vulnerability analyses and recommending mitigation possibilities, and ensures that the Vulnerability Management Platform is scanning to the level appropriate to all routable nodes on the network. This service provides enterprise visibility into strategic, ongoing related incident, and high visibility vulnerabilities within the enterprise.
Specifically, you’ll do the following:
  • Performs discovery scanning via the Vulnerability Management Platform (scheduled and ad-hoc)
  • Categorizes network nodes so that further vulnerability scanning can be focused on "Enterprise" services
  • Provides gap analysis to compare the list of known resources so gaps can be investigated and owners identified
  • Identifies resource types (e.g. router, desktop computer, server, network switch, firewall, etc.), operating systems, and whether active services are "Enterprise" level
  • Provides initial research to determine the type of node and identify any applications (such as World Wide Web (WWW), File Transfer (FTP), Email (SMTP and POP3), and Name Services) running on the target system to assist in identifying the owner
  • Tracks via case management system (such as Phantom, Archer, or Cherwell) and provides a wiki-style format to capture recommendation, analysis and facts, and links to other research
  • Populates data visualization tool (such as Tableau and Hygieia) for reporting vulnerability metrics by system and owner
  • Researches vulnerabilities to determine attack vectors and possible vulnerable targets, and launches specific scans and reports for that vulnerability in Qualys and Coverity
  • Coordinates with business, IT teams, and IS Risk to remediate compliance findings in a timely manner while addressing risk reduction objectives
  • Demonstrates continuous improvement mindset
  • Maintains an effective approach to problem solving, multi-tasking, coordinating, and scheduling in accordance with stated goals to ensure visibility and predictability
  • Works extended hours occasionally, based on the needs of the project and the operation
  • Travels, as required
Required Qualifications
  • Bachelor’s degree in Computer Science, Computer Engineering, Technology, Information Systems (CIS/MIS), Engineering or related technical discipline, or equivalent experience/training
  • 3 years of hands-on technical security engineering experience
  • Ability to install, configure, troubleshoot, and administer QualysGuard, QualysWAS
  • Experience with Qualys API programming or creating custom configurations within Qualys
  • Experience with dynamic and static code analysis experience (e.g. QualysWAS, SAST tools)
  • Experience with security configuration checklists (e.g. CIS Benchmarks)
  • Familiarity with NIST Special Publications (e.g. 800-53, 800-37)
  • Familiarity with PCI DSS Compliance standards and scanning practices
  • Demonstrated experience with NIST 800-53, NIST 800-53A, NIST 800-30 and NIST 800-37
Qualifications (Continued)
Required Qualifications (Continued)
  • Ability to code and script Python, SQL, BASH, or PowerShell
  • Ability to configure and use technical assessment tools such as Tenable Nessus and Burp Suite
  • Deep understanding of the technical architecture of IT systems built using Windows, UNIX, Linux, IBM AIX, VMware, Citrix, Oracle, and MySQL platforms
  • Working knowledge of networking and security technologies such as firewalls, IDS/IPS, and load balancers
  • Working knowledge of Windows and Unix operating systems
  • Working knowledge of common database platforms
  • Ability to manage conflicting priorities and customer expectations in a fast paced operational environment
  • Ability to analyze complex problems and implement solutions and/or workarounds
  • Ability to work on multiple projects simultaneously with a keen desire to learn and expand depth of knowledge
  • Ability to thrive in a sense-of-urgency environment and leverage best practices
  • Demonstrated initiative, flexibility, and ability to adapt to changing priorities and work environments
  • Experience in DevOps Toolchain methodologies, including Continuous Integration and Continuous Deployment
  • Proficiency in  Agile project management methodology, specifically within infrastructure area
  • Proficiency in Microsoft Suite (Word, Excel, PowerPoint, Access, and Visio)
Preferred Qualifications
  • 5+ years of hands-on technical security engineering experience
  • Ability to explain technical concepts and adjust messaging based on the audience, including non-technical groups; strong presentation and technical documentation skills
  • Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills
  • Ability to work well within a team environment, as well as independently
Additional Locations: None
Requisition ID: 25304 

Apply/View Full Description - Select North Texas LEAD as Application Referral Source
Gyna M. Bivens
President & Executive Director
North Texas LEAD

Did you apply?

this job portal is powered by CATS


About LEAD

North Texas LEAD Corporate/Community Partnership

North Texas

Photo Gallery

Letter from Mayor

LEAD Applicants

See Our Video

The Application Process

Did you apply?

Suggestions from Human Resources Experts

PayPal Donate Link


© North Texas LEAD All Rights Reserved 2007 Black Lotus Web Design