You will evaluate security impacts across applications, configurations, and infrastructure within the change management lifecycle.
Responsibilities
Assess application, server, and network device configurations for compliance with security standards.
Analyze and document how new systems or interfaces impact the current security posture.
Identify, assess, and document risks from newly discovered vulnerabilities.
Coordinate vulnerability remediation with system owners, IT teams, and vendors.
Respond to security incidents and perform thorough post-event analyses.
Execute internal application penetration testing and recommend security improvements.
Conduct annual password audits and agency-wide user access audits.
Required Skills
5+ years of experience with NIST 800-53 rev 5 and/or CJIS specifications.
5+ years of experience in the software development lifecycle and vulnerability management processes.
5+ years of experience with automated vulnerability scanners such as Nessus, Qualys, Retina, or Tenable.
5+ years of experience with web application security testing tools like Burp Suite, Fortify, or AppScan.
5+ years of experience with programming languages including Python, Java, JavaScript, C++, C#, SQL, HTML, CSS, or COBOL.
5+ years of experience in scripting for automation using WDL, VBScript, JavaScript, PowerShell, or Python.
5+ years of experience in IT security or risk assessment, holding certifications such as CISM, CCSP, CISSP, CEH, CompTIA Pentest+, or CompTIA Security+.