IT Vulnerability Management Specialist

The world of investing is fascinating yet complex. While hundreds of first -time investors are turning to the markets to help pay for their homes, send their children to college and secure their futures the mission of the Securities and Exchange Commission (SEC) is becoming all the more vital. GDIT is excited to support the SEC in as it seeks to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.

The SEC ISS program is a comprehensive IT program charged with operating, managing, and advancing the SEC's IT infrastructure. Our dynamic program team of IT leaders and large and small business partners is seeking bright, energetic and talented individuals to join us as we bring our innovative IT Service Delivery solutions to SEC.

Currently, we are seeking an Information Security Specialist with expertise in Vulnerability Management. The selected candidate must be a US Citizen (without dual citizenship) and able to obtain a SEC Public Trust Suitability.

Position Duties: 

• Assists the Vulnerability Management Engineers (junior and senior level) with the review and mitigation of security vulnerabilities across a variety of technologies.

• Sets prioritization for vulnerability remediation

• Maintains metrics and provides reports to management.

• Interfaces with all organizations to facilitate timely remediation.

• Runs reports and creates artifacts to validate remediation.

• Identifies risk reduction opportunities based on vulnerability data analysis and trends. Provides subject matter expertise on issues and tasks related to the vulnerability mitigations.

• Is the escalation POC for Vulnerability Management Engineer Junior.

Required Experience: 

• Must have a minimum of 5 years of related experience identifying, assessing, and mitigating IT security vulnerabilities across multiple platforms, and possess a solid technical background in multiple technologies. 

• Hands on experience with vulnerability analysis using Tenable (or similar cyber exposure tools), and experience monitoring, tracking, and reporting the status of vulnerabilities and POAMs.

• Possesses strong analytical and written/verbal communication skills

• Ability to synthesize information to present in clear and concise customer briefings, both written and verbal

• Cybersecurity or privacy related certifications can be substituted for one year of experience.

Desired Experience:

• Experience building reports using Microsoft Power BI or similar reporting tools

• Knowledge and understanding of vendor patching cycles (e.g. Windows, Cisco, Redhat, VMware, etc)

• Knowledge and understanding of patching industry tools (e.g. Bigfix, MS Intune)