ACS Professional Staffing is looking for an employee to work on-site with our client. This System Administrator position will involve conducting comprehensive vulnerability assessments across networks, applications, and operating systems, utilizing tools like Nmap, Nessus, and Wireshark. Responsibilities include identifying, analyzing, and remediating security vulnerabilities, developing custom scripts for vulnerability testing, and ensuring compliance with security protocols. The role also requires collaborating with internal teams to resolve security issues, maintaining vulnerability management tools, and generating detailed reports on system vulnerabilities. Strong knowledge of system configurations, security scanning, and risk mitigation is essential. This full-time position is located in Vancouver, WA.
Pay Rate: $44.47 - $63.54
Benefits:
Paid holidays: 11
PTO: Starting at 10 days
Sick Leave: Up to 56 hours per year (prorated based on start date)
EAP: Employee Assistance Program
Benefit Options Available: Medical, Dental, Vision, FSA, DCA, LPFSA, HSA, Group Life/AD&D, Voluntary Life/AD&D, Voluntary Short-Term Disability, Voluntary Long-Term Disability, Voluntary Critical Illness, Voluntary Accident, 401k (immediately eligible for employee and employer contributions - employer match up to 4%)
Other benefits include the following: Calm App, Access Perks
Responsibilities:
With Manager review and approval, perform the following:
Control Center Cyber Vulnerability Scanning:
Define, identify, and classify the security holes (vulnerabilities) in a computer, network, or communications infrastructure.
Interact with business units to discover, triage, and resolve security vulnerabilities with manual and automated tools to enforce security criteria as part of a Secure Development Life Cycle on a continuous basis.
Research and investigate new and emerging vulnerabilities.
Analyze vulnerabilities to appropriately characterize threats and provide remediation recommendations.
Forecast the effectiveness of proposed countermeasures and evaluate their actual effectiveness after they are put into use.
Assist to conduct vulnerability assessments (application and/or infrastructure) and articulate security issues to technical and non-technical audience(s).
Conduct vulnerability assessments using tools such as NMAP, Nessus, or other related tools. Alert the manager of any concerns.
Operate and analyze results of open-source security tools and vulnerability scanners including Wireshark, ngrep, nmap, and Snort:
Analyze network and wireless traffic, and report to management on abnormal activity.
Compile vulnerability data from many sources and track technical resolution and mitigation times.
Report findings and maintain on-going assessments for regulatory reporting.
Alert manager and generate system vulnerabilities reports; interface and collaborate with internal groups to identify, discuss, and develop remediation recommendations.
Present recommended remediation plans for management, sponsor, and stakeholder review and approval.
Track and follow through to completion assigned remediation activities. Seek manager guidance with prioritization questions or concerns.
Assist with vulnerability assessments including evaluation of specific configurations of network devices, operating systems, and network enabled software applications on both Windows and Linux platforms. Perform network discovery and comparison with known cyber assets.
Vulnerability Scanning:
Configure vulnerability assessment tools, as well as perform scans, research and analyze vulnerabilities, identify relevant threats, corrective action recommendations, summarize, and report out results.
Identify critical flaws in applications and systems that cyber attackers could exploit.
Conduct vulnerability assessments for networks, applications, and operating systems.
Use automated tools (e.g. Nessus) to pinpoint vulnerabilities and reduce time-consuming tasks.
Use manual testing techniques and methods to gain a better understanding of the environment to reduce false negatives.
Develop, test, and modify custom scripts and applications for vulnerability testing.
Manually validate report findings to reduce false positives.
Compile and track vulnerabilities over time for metrics purposes.
Write and present comprehensive Vulnerability Assessments on new systems.
Review and define requirements for information security solutions.
Supply hands-on training to network and system administrators of the vulnerability scanning program.
Develop and maintain a vulnerability assessment database.
Perform trend and analysis of vulnerability scan data.
Generate reports that identify security posture of the base (i. e. deficiencies, history of repeats, etc.).
Develop and document Transmission Operation's Standard Operating Procedures (SOPs), checklists, guides, best practices, and procedures for conducting vulnerability assessments.
Automate procedures using scripts, Sequel (SQL), database administration, or other available technology.
Report out on repeat high vulnerabilities to the communications unit monthly.
Maintain functionality of vulnerability management tools including configuration and maintenance of applications (e.g. Nessus, Tenable Security Center, and other vulnerability assessment tools).
Perform information system security vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information system components.
Conduct compliance scanning to analyze configurations and facilitate implementation of configurations and hardening settings for networks, operating systems, applications, databases, and other information system components. Engage with stakeholders, to include other IT professionals, management, and internal or external auditors to facilitate vulnerability discovery and remediation.
Communicate security and compliance issues to management, customers, and stakeholders effectively and timely.
Recommend appropriate remedial actions to mitigate risks and verify information systems employ appropriate level of information security controls.
Analyze Vulnerability scan results and engage with customers to resolve identified vulnerabilities.
Verify remedial actions and validate compliance with information security policy and regulatory requirements.
Assist in development and implementation of information security vulnerability management policies, procedures, and standards based on National Institute of Standards and Technology (NIST) 800-53 standards, best practices, and compliance requirements.
Mark documents and maintain filing system(s), files, emails, and records in accordance with compliance requirements. Share and disperse documents only to appropriate personnel (those with a Lawful Government Purpose (LGP) to know). Mark and maintain all official records in accordance with the Information Security (INFOSEC) and Information Governance & Lifecycle Management (IGLM) standards and procedures. Validate official records are accurately maintained for auditing purposes.
Requirements:
A degree in Computer Science, Information Technology, or a directly related technical discipline is preferred.
8 years of experience is required with an applicable associate or bachelor's degree.
10 years of experience is required without a degree or applicable degree or with no degree.
Experience includes a minimum combination of work-related experience, on-the-job training, and/or vocational training. Experience should be consistent with the specific requirements of Computer/Information Technology or related field, and progressively more technical in nature.
2 years of experience with the following:
Classes of vulnerabilities, appropriate remediation, and industry standard classification schemes (CVE, CVSS, CPE).
Linux and Windows operating systems, including common programming or scripting languages.
Devising methods to automate testing activities and streamline testing processes.
Knowledge of patching programs of major hardware/software manufacturers. Knowledge of secure configuration and hardening of systems.
Knowledge of methods for on-going evaluation of the effectiveness and applicability of information security controls (e.g., vulnerability testing, and assessment tools).
Knowledge of security vulnerabilities, application analysis, and protocol analysis.
Knowledge of network topology, communication protocols, firewalls, proxies, and IDS systems to affectively configure scanning software.
Experience setting up and administering an enterprise cyber vulnerability scanning and assessment infrastructure.
Experience administering computer systems in a 24/7 high availability operational environment.
Experience using specific technologies such as Splunk.
Experience administering Tenable.sc and Nessus.
Valid U.S. Driver's License is required.
Work sponsorship is not available at this time. Third-party candidates will not be considered for this position.
Because we are a federal government contractor, we have special restrictions placed on us for hiring foreign nationals into certain key positions within the company. This particular position requires U.S. citizenship.
ACS Professional Staffing will provide equal employment opportunities to all applicants without regard to the applicant's race, color, religion, sex, gender, genetic information, national origin, age, veteran status, disability status, or any other status protected by federal or state law. The company will provide reasonable accommodations to allow an applicant to participate in the hiring process if so requested.
If you have any questions about the job posting, please contact recruiting@acsprostaffing.com
If you have any questions about our Reasonable Accommodation Policy, please feel free to email hr@acsprostaffing.com