Let’s get started
By clicking ‘Next’, I agree to the Terms of Service
and Privacy Policy
Jobs / Job page
SOC Vulnerability Management Program (VMP) Security Analyst II image - Rise Careers
Job details

SOC Vulnerability Management Program (VMP) Security Analyst II

SOC Vulnerability Management Program (VMP) Security Analyst II - (240009OY)DescriptionThe Massachusetts Executive Office of Technology Services and Security (EOTSS) is the state’s lead office for information technology. We provide enterprise level information technology services including network management and security; computer operations; application hosting; desktop provisioning and management; and modern and responsive digital services to 40,000 internal stakeholders plus the residents, business owners and visitors to the Commonwealth of Massachusetts.EOTSS is seeking to hire a SOC Vulnerability Management Program (VMP) Security Analyst II to join the Security Operations Team. This is an exciting opportunity for an IT professional to join an exceptionally skilled team and contribute to critical statewide initiatives. The SOC VMP Security Analyst II is responsible for providing security vulnerability scanning, reporting, tracking, remediation, and analysis through continuous evaluation and prioritization of scan results. The successful candidate will have working knowledge of application, network, and operating system security frameworks and best practices. The incumbent of this role will assist with the development and implementation of the Enterprise Vulnerability Management Program as a member of the Vulnerability Management team.The primary work location for this role will be at 200 Arlington Street Chelsea, Massachusetts 02150. The work schedule for this position is Monday thru Friday, 9AM to 5PM EST. This position would be expected to follow a hybrid model of reporting to work that combines in-office workdays and work from home days as needed. Travel, on-call rotation, and weekend support may be required.Duties and Responsibilities:• Conduct daily assessment of internal and external vulnerabilities identified by infrastructure scans.• Evaluate, rate, and perform risk assessments on customer assets based on scan results.• Prioritizing vulnerabilities discovered along with remediation timeline(s) while working with different agencies and owners, as well as the vulnerability management team.• Send and receive notifications to responsible system owner, including customers, vendors, and internal teams of vulnerabilities within the environment.• Maintain knowledge of the threat landscape.• Provide reporting and analysis and follow up.• Provide vulnerability analysis and produce reports for management.• Participate collecting, assessing, and cataloging threat indicators.• Compile and track vulnerabilities over time for metrics purposes.• Develop and maintain strong relationships with Commonwealth customer departments and their security principals.• Provide oral and written feedback from customers’ meetings and discussions back to the VMT.Preferred Knowledge, Skills, and Abilities:• Minimum two (2) years of professional and/or practical experience in the field of information technology security providing technical guidance across systems, networks, and applications to vulnerability management teams and end users required.• Experience with systems, networks, and/or applications related to vulnerability management systems and patch management.• Ability to work with third party penetration vendors conducting network/perimeter/application pen tests, including scoping, running, working with the vendor, and post-scanning remediation efforts and deliverables.• Strong understanding and experience working with Windows and Linux desktop and network operating systems and patching.• Experience in cloud computing technologies, including software-, infrastructure and platform-as-a-service, as well as public, private, and hybrid environments (Amazon Web Services (AWS) or Microsoft Azure).• Proficient with System/Networking concepts including TCP/IP, DHCP, DNS, Subnetting, Packet tracing, Routing, VLANs, VPN, Active Directory, O365, SSL Certificates.• Knowledge of vulnerability scoring systems (CVSS/CMSS).• Experience with network, systems, and application vulnerability scanning tools (Tenable IO, Cloud Security, Attack Surface Management, Palo Alto Xpanse).• Ability to clearly communicate priorities and escalation points/procedures to other team members.• Detail oriented, organized, methodical follow up skills with an analytical thought process.• Excellent writing and presentation skills are required to communicate findings and status.• Ability to learn new technologies in a fast-paced energized environment.• Proficient with scripting (e.g. Python, JavaScript, PowerShell, PHP or Ruby), a plus• Proficient with Tenable IO, Cloud Security, Attack Surface Management, a plus• Security certifications desired, but not required.QualificationsFirst consideration will be given to those applicants that apply within the first 14 days.Minimum Entrance Requirements:Applicants must have (A) at least two (2) years of full-time or equivalent part-time professional or practical experience in the field of information technology security, or (B) any equivalent combination of the required experience and the substitutions below.Substitutions:I. An Associate’s degree in a related field may substitute for one (1) year of the required experience.II. A Bachelor’s degree or higher in a related field may substitute for the required experience.Comprehensive BenefitsWhen you embark on a career with the Commonwealth, you are offered an outstanding suite of employee benefits that add to the overall value of your compensation package. We take pride in providing a work experience that supports you, your loved ones, and your future.Want the specifics? Explore our Employee Benefits and Rewards!An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.The Commonwealth is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity or expression, sexual orientation, age, disability, national origin, veteran status, or any other basis covered by appropriate law. Research suggests that qualified women, Black, Indigenous, and Persons of Color (BIPOC) may self-select out of opportunities if they don't meet 100% of the job requirements. We encourage individuals who believe they have the skills necessary to thrive to apply for this role.Official Title: Security Analyst IIPrimary Location: United States-Massachusetts-Chelsea-200 Arlington StreetJob: Information Systems and TechnologyAgency: Exec Office of Technology Services and SecuritySchedule: Full-timeShift: DayJob Posting: Nov 14, 2024, 3:08:57 PMNumber of Openings: 1Salary: 77,222.08 - 115,204.96 YearlyIf you have Diversity, Affirmative Action or Equal Employment Opportunity questions or need a Reasonable Accommodation, please contact Diversity Officer / ADA Coordinator: Emily Hartmann - 6176608300Bargaining Unit: 06-NAGE - Professional Admin.Confidential: NoPotentially Eligible for a Hybrid Work Schedule: Yes

Average salary estimate

Estimate provided by employer
$98205 / ANNUAL (est.)
min
max
$98K
$98K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

Massachusetts, fondly referred to as the “Cradle of Liberty” & "the Hub of Technology" and known for award-winning Healthcare and Education, boasts creative and innovative talent. This spirit is embodied in our employees across the Commonwealth. W...

17 jobs
MATCH
Calculating your matching score...
FUNDING
SENIORITY LEVEL REQUIREMENT
TEAM SIZE
EMPLOYMENT TYPE
Full-time, hybrid
DATE POSTED
November 18, 2024

Subscribe to Rise newsletter

Risa star 🔮 Hi, I'm Risa! Your AI
Career Copilot
Want to see a list of jobs tailored to
you, just ask me below!