CyberSecurity Engineer (Hybrid)
Job title: CyberSecurity Engineer (Hybrid) in Brooklyn, NY at Morph Enterprise
Company: Morph Enterprise
Job description: Duration: 24 Months, extension possible based on needs and performanceJob Title: Cyber Command Vulnerability Management SpecialistHybrid: 3 days per week in office at Brooklyn, NY / 2 days per week remoteJob Description
The Threat Management - Vulnerability Management Specialist Client is essential to Cyber Commands Vulnerability Management program and its ability to defend systems from cyber threat including direct support of public safety, revenue generating, and operations that provide everyday services to citizens.
The resource will contribute to Cyber Command's ability to issue timely vulnerability notifications and prioritized system patching info. Without timely vulnerability notification and patching, the cannot effectively adjust its defensive controls and reduce it's attack surface resulting in the increased likelihood of cyber events that may require costly remediation efforts.
The threat to the attack surface has only continued to grow due to a 40% increase of vulnerabilities in the technology used across the agencies.
These vulnerabilities are leveraged by attackers to commit malicious events such as information theft and ransomware.
Scope Of ServicesThe Cyber Command Threat Management division within requires a Vulnerability Management Specialist to serve as a subject matter expert for vulnerability management:Tasks
Research, analyze and brief management and team members on relevant Risk, CVE's, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations for various technologies
Design, architect and build Rapid7 vulnerability management scanning infrastructure and tools
Manage, configure and conduct Vulnerability Management scans in Rapid7 across various networks
Conduct vulnerability management analysis through industry research, deep analysis, generating of reports and dashboards in Rapid7 to accurately assess and prioritize risk
Evaluate security vulnerabilities, assess risk and impact, develop mitigation strategies, and implement remediation
Present succinct technical briefings to team members and customers for research, risk assessment, CVE's, vendor hardware/software, industry trends
Create scripts utilizing Python, PowerShell and others to automate vulnerability management tasks
The ability to automate detection, reporting and tracking of vulnerabilities identified
Create deep analysis and reports around vulnerability management utilizing Rapid7 dashboards and reports, scripts, Excel and PowerPoint
Travel within for various projects when necessary
Mandatory Skills/Experience
At least 8 years of experience in Cybersecurity, including vulnerability management scanning tools, vulnerability assessments, attack surface management, scripting, vulnerability analysis, vulnerability management scan result analysis, Excel
Strong knowledge of CVE's, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations
Experience with the design, architect and build of vulnerability management scanning infrastructure and tools specifically Rapid7; extensive hands-on experience conducting Rapid7 vulnerability scans across various networks; experience conducting Rapid7 vulnerability management analysis through reports and dashboards to accurately identify risk
Experience evaluating security vulnerabilities, assessing risk and impact, developing mitigation strategies, and implementing remediation
Experience conducting research around CVE's, vendor hardware/software vulnerabilities, and presenting succinct technical overviews to team members and customers
Extensive experience with scripting such as Python and PowerShell to automate vulnerability management tasks
Extensive experience with Excel, especially for performing data analysis through VLookup and Pivot Tables
Desirable skills/experience:
Provide oral and written reports on vulnerability risk to the team and possibly agencies' technical stakeholders
Ability to evaluate the current threat landscape that includes tactics, techniques and procedures
Work with agencies to evangelize the Cyber Command program around areas of cybersecurity posture enhancement, risk reduction, attack surface management, vulnerability management scanning tool performance, scan results, credentialed scans, triage scan performance issues, socialize risk and remediation, and other vulnerability management issues
Experience using Tableau for reporting and analysis purposes
Strong background with next generation firewall products, intrusion detection systems, DMZ, IPSec, DNS, SMTP, HTTP, VPN, proxies, etc.
Knowledge of security best practices across multiple platforms, such as MS Windows, VMWare, Linux, VPN, Cisco IOS, and Mobile OS Android/Apple IOS.
Knowledge of public-key cryptography, understanding of encoding, encryption, and hashing techniques
Knowledge of security best practices: NIST, CIS, Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, F5 MS, Unix/Linux, etc.
Ability to analyze Cybersecurity documentation, including security policies, plans, and procedures.
Extensive experience with Windows and Linux Servers
Exceptional written and oral communication skills
Exceptional organizational and analytical skills
Certifications such as Certified Information Systems Security Professional (CISSP) Certification, Security Essentials Certification (GSEC), Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), Certified Penetration Tester (CWAPT)
2 Professional reference required
Expected salary:
Location: Brooklyn, NY
Apply for the job now!
Apply Now
Company: Morph Enterprise
Job description: Duration: 24 Months, extension possible based on needs and performanceJob Title: Cyber Command Vulnerability Management SpecialistHybrid: 3 days per week in office at Brooklyn, NY / 2 days per week remoteJob Description
The Threat Management - Vulnerability Management Specialist Client is essential to Cyber Commands Vulnerability Management program and its ability to defend systems from cyber threat including direct support of public safety, revenue generating, and operations that provide everyday services to citizens.
The resource will contribute to Cyber Command's ability to issue timely vulnerability notifications and prioritized system patching info. Without timely vulnerability notification and patching, the cannot effectively adjust its defensive controls and reduce it's attack surface resulting in the increased likelihood of cyber events that may require costly remediation efforts.
The threat to the attack surface has only continued to grow due to a 40% increase of vulnerabilities in the technology used across the agencies.
These vulnerabilities are leveraged by attackers to commit malicious events such as information theft and ransomware.
Scope Of ServicesThe Cyber Command Threat Management division within requires a Vulnerability Management Specialist to serve as a subject matter expert for vulnerability management:Tasks
Research, analyze and brief management and team members on relevant Risk, CVE's, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations for various technologies
Design, architect and build Rapid7 vulnerability management scanning infrastructure and tools
Manage, configure and conduct Vulnerability Management scans in Rapid7 across various networks
Conduct vulnerability management analysis through industry research, deep analysis, generating of reports and dashboards in Rapid7 to accurately assess and prioritize risk
Evaluate security vulnerabilities, assess risk and impact, develop mitigation strategies, and implement remediation
Present succinct technical briefings to team members and customers for research, risk assessment, CVE's, vendor hardware/software, industry trends
Create scripts utilizing Python, PowerShell and others to automate vulnerability management tasks
The ability to automate detection, reporting and tracking of vulnerabilities identified
Create deep analysis and reports around vulnerability management utilizing Rapid7 dashboards and reports, scripts, Excel and PowerPoint
Travel within for various projects when necessary
Mandatory Skills/Experience
At least 8 years of experience in Cybersecurity, including vulnerability management scanning tools, vulnerability assessments, attack surface management, scripting, vulnerability analysis, vulnerability management scan result analysis, Excel
Strong knowledge of CVE's, CVSS, Vector Strings, NVD, Mitre, attack vectors and mitigations
Experience with the design, architect and build of vulnerability management scanning infrastructure and tools specifically Rapid7; extensive hands-on experience conducting Rapid7 vulnerability scans across various networks; experience conducting Rapid7 vulnerability management analysis through reports and dashboards to accurately identify risk
Experience evaluating security vulnerabilities, assessing risk and impact, developing mitigation strategies, and implementing remediation
Experience conducting research around CVE's, vendor hardware/software vulnerabilities, and presenting succinct technical overviews to team members and customers
Extensive experience with scripting such as Python and PowerShell to automate vulnerability management tasks
Extensive experience with Excel, especially for performing data analysis through VLookup and Pivot Tables
Desirable skills/experience:
Provide oral and written reports on vulnerability risk to the team and possibly agencies' technical stakeholders
Ability to evaluate the current threat landscape that includes tactics, techniques and procedures
Work with agencies to evangelize the Cyber Command program around areas of cybersecurity posture enhancement, risk reduction, attack surface management, vulnerability management scanning tool performance, scan results, credentialed scans, triage scan performance issues, socialize risk and remediation, and other vulnerability management issues
Experience using Tableau for reporting and analysis purposes
Strong background with next generation firewall products, intrusion detection systems, DMZ, IPSec, DNS, SMTP, HTTP, VPN, proxies, etc.
Knowledge of security best practices across multiple platforms, such as MS Windows, VMWare, Linux, VPN, Cisco IOS, and Mobile OS Android/Apple IOS.
Knowledge of public-key cryptography, understanding of encoding, encryption, and hashing techniques
Knowledge of security best practices: NIST, CIS, Cisco, Juniper, Palo Alto, Fortinet, Checkpoint, F5 MS, Unix/Linux, etc.
Ability to analyze Cybersecurity documentation, including security policies, plans, and procedures.
Extensive experience with Windows and Linux Servers
Exceptional written and oral communication skills
Exceptional organizational and analytical skills
Certifications such as Certified Information Systems Security Professional (CISSP) Certification, Security Essentials Certification (GSEC), Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), Certified Penetration Tester (CWAPT)
2 Professional reference required
Expected salary:
Location: Brooklyn, NY
Apply for the job now!
Apply Now