Senior Vulnerability Risk Management Specialist

• Source and review security advisories on emerging vulnerabilities and initiate timely actions to mitigate vulnerabilities reported as critical.
• Maintain configurations for scan jobs i.e., asset, scan policies, credentials, plugins, and audit files.
• Maintain knowledge of applicable vulnerability management industry best practices.
• Serve as liaison between MDH and DOIT Security Operation Center (SOC) functions on matters pertaining to vulnerability scanning.
• Establish and maintain an updated inventory of all MDH computing devices.
• Define, develop, and implement vulnerability management reports, metrics, dashboards.
• Other duties pertaining to vulnerability management.
• Record all High and Critical vulnerabilities in the MDH risk register, track all websites included in WAS, and monitor/track associated remediation efforts.
• Ensure that vulnerability scan jobs are operating as expected i.e., completeness each scan jobs in terms of timeliness, scope of assets scanned, and usage of latest plugins.
• Define, develop, and implement vulnerability management policies, processes, and procedures to support and maintain the Vulnerability Management Program.
• Plan, schedule, and communicate status vulnerability management efforts to include regularly scheduled reports and ad hoc reports.
• Establish and maintain an updated inventory of Operating Systems (OSes) and software products and versions installed on all MDH devices.
• Monitor and coordinate resolution of failed scan jobs i.e., missing credentials, asset list updates, firewall issues, and policy and plugin misconfigurations.
• Validate all devices across MDH have the Tenable/Qualys agents are deployed and running.
• Plan and coordinate vulnerability management activities program.
• Prepare vulnerability management reports on the status of patch and secure configuration audit scans and associated remediation efforts.
• Research remediation measures to provide remediation/mitigation recommendations.
• Establish, communicate, and maintain guidance on security configuration standards for OSes, database systems, web servers, networking devices, and other applications.
• Review and resolve findings raised as false positive, providing guidance on validation procedures, and required artifacts while also researching and reporting on scan plugin issues.
• Configure, schedule, and run routine discovery, patch, and secure configurations audit scans.
• Analyze vulnerability scans results and generate and communicates findings to IT Managers.

• 10-12 years of hands-on experience planning, executing, monitoring, and controlling, and successfully closing vulnerability management tasks.

• Able to perform conduct vulnerability assessment, identify and validate findings, research resolutions, and provide remediation/mitigation recommendations.
• Able to communicate effectively through writing, speaking, and presenting to client technical and non-technical representatives.
• Customer-oriented with excellent issue follow-through and resolution abilities.
• Experience with vulnerability management tools such as Tenable Security Center/Nessus Scanners, Qualys.
• Able to plan, coordinate, monitor, close, and report vulnerability remediation/mitigation effort System/LAN administration experience, particularly with Windows OS and Linux OS.
• Bachelor’s degree from accredited college or university
• Self-starter, able to work independently, establish priorities and self-manage to complete task within deadlines that are responsive to client needs.
• Utilize tools and analytical skills to plan and execute technical changes.
• Experience with Governance, Risk, and Compliance (GRC) platforms such as RSA Archer, ServiceNow GRC, CSAM.
• Team player capable of productively contributing to the client mission by supporting fellow teammates in a dynamic growing and changing environment.
• Experience with Database Management Systems scanning tools such as DB Protect, AppDetectivePRO.

Location: Remote, Eastern time zone.

• Development – Annual performance management, continuing education, and tuition assistance, internal job opportunities along with career enrichment and advancement to help each employee with their professional and personal development
• Wellness – Healthcare benefits, Wellness programs provide employees with several wellness options
• Recognition – Great achievements do not go unnoticed by DMI through Annual Awards ceremony, service anniversaries, peer-to-peer acknowledgment through Spotlight, employee referral
• Community – Blood drives, volunteering opportunities, Holiday parties, summer picnics, Tech Chef, Octoberfest just to name a few ways DMI comes together as a community
• Convenience/Concierge - Virtual visits through health insurance, pet insurance, commuter benefits, discount tickets for movies, travel, and many other items to provide convenience
• Financial – Generous 401k match for both pre-tax and post-tax (ROTH) contributions along with financial wellness education, EAP, Life Insurance and Disability help provide financial stability for each DMI employee