Vulnerability Management Engineer

About the role

As a member of the Hypori Cybersecurity Team you will be an integral part of a high functioning team of experts responsible for the security of all corporate and production information technology resources. You will provide technical support to the Hypori Vulnerability Management process to include providing system admin support to all vulnerability assessment tools and conducting scans of all Hypori environments. You also manage vulnerability scanning tools within the production pipeline and ensure any identified vulnerabilities are entered into the development pipeline backlog for resolution. 

What you’ll do

• Operate and maintain Hypori vulnerability assessment tools.
• Set scanning schedules, run scans, and verify results.
• Support mitigation and remediation of vulnerability findings.
• Organize and report scan results to eliminate false positives and duplicate findings.
• Implement Security Template, Implementation Guidelines, and Security Controls.
• Conduct security testing/vulnerability assessments and recommend mitigation or remediation tasks to reduce risk.
• Manage personal workflow in the agile process.
• Conduct interviews with engineering staff and business process owners to assess procedural and manual controls.
• Provide procedural control recommendations to automation and business process owners to address Security Controls.

What you have

• Experience with Linux operating systems at all layers (boot, kernel space, user space) 
• Demonstrated competency with Tenable.sc, Tenable.io, and Nessus professional products 
• Working knowledge in NIST Risk Management Framework (RMF) for defining, implementing,  automating, assessing, and accessing procedural methods and security controls. 
• Demonstrated ability to use OpenSCAP tools to conduct security assessment, measurement, and enforcement of security baselines. 
• Demonstrated ability to create security checklists for automation checklists using defined DoD and CIS security policies. 
• Minimum 4 years' experience in Information Security 
• Familiar with Atlassian tool suite (Jira, Confluence, etc.) 
• Proficiency with ticketing or workflow tools 
• Required DODD 8570.01M IAT/IAM Security certification such as CCNA Security, GICSP, GSEC, Security+ CE, CND, SSCP  
• Active DoD Secret clearance with Single Scope Background Investigation (SSBI)

To be considered for this role you must be a U.S. citizen currently residing on U.S. soil.