The Vulnerability Assessment Analyst shall:
● Maintain and optimize the Tenable Security Center infrastructure.
● Conduct regular security patching, assessments and scans on Linux Security Center servers using Tenable Nessus.
● Mitigate STIGS/Vulnerabilities on Tenable Linux Security Center Servers and Windows/Linux Nessus Scanning Servers.
● Install and update Tenable Nessus Software on Linux/Windows Scanning Servers.
● Install and update Tenable Security Center Software on Linux Servers.
● Configure and fine-tune scanning policies and asset lists to ensure thorough vulnerability coverage.
● Keep abreast of the latest Tenable Security Center features and updates.
● Perform regular vulnerability assessments of multiple device types and Operating Systems using Tenable Security Center.
● Utilize Nessus Scanning Tool to identify vulnerabilities across customer assets on a Continuous Monitoring basis.
● Review Nessus/ACAS scan results and provide direction where required.
● Recognizes potential, successful, and unsuccessful scan results for efficiency in reporting compromises thorough reviews and analyses of relevant event detail and summary information.
● Analyze scan results and generate comprehensive vulnerability reports.
● Monitor and track vulnerability remediation progress.
● Collaborate with ISS and other teams to ensure timely vulnerability remediation.
● Communicate effectively with stakeholders about the security posture and potential risks.
● Prepare and deliver clear and concise reports to management and stakeholders.
● Maintain accurate records of security incidents and vulnerabilities.
Mandatory Skills:
- Familiarity with DISA STIGs, Tenable Audit files, and / or CIS Benchmarks
- Hands-on operational experience with enterprise vulnerability management and scanning solutions, such as Tenable
- Knowledge of system and application security threats and vulnerabilities
- Working knowledge of networking, Linux/Unix, Windows administration, patch deployment and system configuration
- CEH, Security+
- Bachelors Degree + 7 years technical experience. Four years of experience can be substituted for degree.
Desired Skills:
- In-depth knowledge of vulnerability assessment methodologies, tools, and best practices
- Self-starter, ability to work effectively both independently and as part of a team including the ability and desire to own every aspect of a task from start to finish
- Strong analytical and problem-solving abilities, with a keen attention to detail