For this position we are really looking for someone who is strong in Security Operations (Vulnerability Management, Penetration Testing, Incident Response, Identity Access Management, etc.). A few of the candidates were strong in Risk Management (Risk Assessment, Data Classification, Audits, etc.) but we already have those skills on our team. The remaining candidates mostly struggled to answer basic technical questions relating to security and seemed to mostly come from more IT Operations backgrounds. We are looking for an experienced person as this is not an entry level opening.
General things to consider when screening:
Analyze the security impact of application, configuration, and infrastructure changes to ensure compliance with the security standard as part of the change management lifecycle.
Assess the configurations of applications, servers, and network devices for compliance with the security standard.
Analyze and document how the implementation of new system or new interfaces between systems impacts the security posture of the current environment.
Assess and document the security impact and risks of newly discovered vulnerabilities in the environment.
Coordinate resolution of application and infrastructure security vulnerabilities with System Owners, IT, and vendors. Track resolution of vulnerabilities and provide regular updates to management.
Coordinate resolution of endpoint security vulnerabilities with users and provide regular updates to management.
Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and documentappropriately.
| Skill Required /Desired Amount of Experience | |||
| NIST 800-53 rev 5 and/or Criminal Justice Information System (CJIS) specifications for an information security management system. | Required | 5 | Years |
| Software development lifecycle, vulnerability management processes, role-based authentication methodologies, etc. | Required | 5 | Years |
| Familiarity with programming languages such as Python, Java, JavaScript, C++, C#, SQL, HTML, CSS, and/or COBOL. | Required | 5 | Years |
| Expertise in using automated vulnerability scanners like Nessus, Qualys, Retina, and/or Tenable. | Required | 5 | Years |
| Familiarity with web application security testing tools like Burp Suite, Fortify, and/or AppScan. | Required | 5 | Years |
| Basic scripting skills (e.g. WDL, VBScript, JavaScript, PowerShell, Python) for automation | Required | 5 | Years |
| IT security or risk assessment certifications are advantageous (CISM, CCSP, CISSP, CEH, CompTIA Pentest+ and/or CompTIA Security+) | Required | 5 | Years |
| No. Question | |
| Question1 | Commonwealth of Virginia security policies prohibit the use of offshore IT contractors. Do you attest to the fact that your candidate will physically reside within the US for the duration of the assignment? |
| Question2 | Please list candidate's email address. |
| Question3 | If selected the role requires the candidate to work on site in a hybrid capacity. Does your candidate agree to this arrangement? |
| Question4 | If Selected this role requires the candidate to interview in person. Does your candidate agree to this arrangement? |
| Question5 | In what City and State is your Candidate located? |
| Question6 | When screening your candidate, please confirm with them that they were not submitted to 760300. If they were they will not be considered. |
...connected rollups. Through our work, we empower every Web3 app to... ...and creative Content Marketer who can craft high-quality short... ...materials while supporting our social media team. Youll collaborate cross... ...working membership/Work-from-home equipment including the latest...
...Casual Package Delivery Driver Who exactly are UPS Casual Package Delivery Drivers? Theyre the ones who drive our familiar brown trucks, bringing packages great and small to our customers. Theyre a friendly, physically active crew who enjoy fast-paced work, being...
...Description Position Summary The Senior Real Estate Financial Analyst will be responsible for underwriting acquisition and development opportunities, overseeing the underwriting team, preparing investment committee materials and running weekly meetings, supporting...
...and assign freight at the order and cart level. Analyze LTL/UPS accessorials to ensure costs are updated and accurate for pre-shipment... ....MBA a plus. ASCM certification preferred. Familiar with managing large shipment profiles and routing set ups for LTL and parcel...
...Responsibilities Responsible for delivering various routes, maintaining established service levels, and/or show routes to new Delivery Workers (DWs). May perform other driving tasks such as delivery verifications and delivery of replacement copies. Assists in...