Vulnerability Management - StateRAMP/FedRAMP - Remote
Position Overview:
• We are seeking a detail-oriented and proactive technical individual to support vulnerability monitoring and remediation efforts across Solventum Catalyst environments in StateRAMP, FedRAMP, and Commercial accounts.
• This role is critical to maintaining our security posture and ensuring compliance with StateRAMP, FedRAMP, SOC-2 and our internal Solventum ATO (Authority To Operate) process.
• The contractor will work closely with the Catalyst Site Reliability Engineering team to identify, assess, and remediate vulnerabilities using a variety of tools.
• The ideal candidate will have hands-on experience with Linux-based operating systems, AWS services and vulnerability management tools.
Position Duties:
• Monitor vulnerabilities using JIRA and vulnerability management tools such as, but not limited to, Qualys VMDR/WAS/PC, Insight Cloud Sec, CheckMarx, Nexus IQ
  • May be necessary to manually run reports to verify remediation efforts were successful
• Ensure compute replacement and patching processes are working as expected; monitor and remediate any issues with
  • Automated Lambda assigning latest AMI IDs
  • Automated Auto-Scaling Group EC2 replacement via scheduled scaling or instance refresh
  • Automated Patch Management for long-running non-ephemeral instances
    • Review reports for failures; identify and remediate issues
    • Review AWS maintenance window for failure details; resolve/test/commit changes as needed
  • Manually update AWS EKS AMI assignment and nodegroup replacement; will automate process in the future
• Assist with software deployments and upgrades. These may include, but are not limited to
  • Solventum application upgrades
  • Unmanaged third-party application upgrades
  • Managed AWS service (RDS, MSK, etc.) upgrades
• Remediate vulnerabilities within SLA (Service Level Agreement) guidelines
  • Manually remediate vulnerabilities that aren't addressed with automated processes above
  • Delegate Qualys WAS (DAST), CheckMarx (SAST) and Nexus IQ (SCA) vulnerabilities to development teams in a timely manner
• Gather evidence to document compliance with certification programs like StateRAMP, FedRAMP, SOC-2 and Solventum's ATO (Authority To Operate)
Skills:
Basic Qualifications:
• Bachelor's Degree in Computer Science or similar; otherwise 6+ years of IT experience
• Technical Experience
  • Proficiency in AWS services: EC2, EKS, ASG, Lambda, RDS, MSK
  • Linux operating system administration and package management
• Security & Compliance Knowledge
  • Understanding of vulnerability remediation workflows
  • Familiarity with compliance frameworks: StateRAMP, FedRAMP, SOC-2
  • Ability to interpret and act on vulnerability reports
Preferred Qualifications:
• Hands-on experience with vulnerability management tools like Qualys VMDR, WAS, PC; CheckMarx; Nexus IQ; Insight Cloud Sec
• Currently or previously held FedRAMP clearance, or the ability to pass a background check to work in a FedRAMP environment
Soft Skills:
• Team Collaboration
  • Strong team player with the ability to work cross-functionally with DevOps, Security, and Development teams.
  • Willingness to share knowledge and support others in troubleshooting and remediation efforts.
• Communication
  • Excellent written and verbal communication skills.
  • Ability to clearly document findings, remediation steps, and compliance evidence.
• Problem Solving
  • Analytical mindset with a proactive approach to identifying and resolving issues.
  • Comfortable working independently and managing multiple priorities under tight deadlines.
Core Hours: 8 hours per day Monday - Friday; Occasionally may be needed to work after business hours to complete upgrades or patches.
Education: Bachelor's Degree in Computer Science or similar; otherwise 6+ years of IT experience