Job Title: Cyber Command Vulnerability Management Specialist
SAPRESUMES
Job Title: Cyber Command Vulnerability Management Specialist
Location: Brooklyn, NY 11201 (Hybrid – 3 days onsite, 2 days remote)
Duration: 24 Months (Extension possible based on needs and performance)
Job Description
Responsibilities:
Design, architect, and manage vulnerability scanning infrastructure and tools, primarily Rapid7.
Conduct and analyze vulnerability scans across various networks.
Interpret scan results and generate actionable reports and dashboards to identify and prioritize risks.
Perform vulnerability assessments and provide technical recommendations for mitigation and remediation.
Conduct research on CVEs and vendor hardware/software vulnerabilities and provide technical analysis to stakeholders.
Automate vulnerability management tasks using Python and PowerShell.
Perform data analysis using Excel, including VLookup and Pivot Tables.
Collaborate with internal teams and external agencies to communicate risk, coordinate remediation, and optimize vulnerability management processes.
Mandatory Skills/Experience:
Minimum of 8 years of experience in Cybersecurity, with a focus on vulnerability management.
Strong hands-on experience with Rapid7 tools, including scan execution, dashboard creation, and reporting.
Deep knowledge of CVE, CVSS, vector strings, NVD, MITRE, attack vectors, and security mitigations.
Experience evaluating vulnerabilities and developing/implementing mitigation strategies.
Proficient in scripting languages such as Python and PowerShell for automation.
Expertise in Microsoft Excel, specifically in data manipulation and analysis using VLookup and Pivot Tables.
Desirable Skills/Experience:
Strong communication skills for delivering technical reports and presentations to stakeholders.
Understanding of current threat landscapes and TTPs (tactics, techniques, and procedures).
Experience with Tableau for visualization and reporting.
Familiarity with firewall products, IDS, DMZ, IPSec, DNS, SMTP, HTTP, VPNs, and proxy technologies.
Knowledge of security across various platforms (Windows, Linux, VMWare, Mobile OS, Cisco IOS).
Understanding of encryption, hashing, and public-key cryptography.
Experience with security frameworks and standards (NIST, CIS, Microsoft, Cisco, Juniper, etc.).
Ability to analyze cybersecurity documentation such as policies and procedures.
Hands-on experience with Windows and Linux servers.
Preferred Certifications (not required):
CISSP, GSEC, GCIA, GCIH, CEH, CWAPT, or similar.