Vulnerability Management Analyst - Hybrid (66658)

Why live in Helena, Montana?

• Helena is surrounded by rolling hills and lofty mountains and is tucked below the Continental Divide.
• It is a relatively quiet place to call home where small-town living collides with outdoor adventure.
• Helena has a rich history and was originally founded as a gold camp during the Montana gold rush.
• Learn more about moving to and/or living in Helena, Montana here.

Why should you keep reading and consider working here?

We know you have other work options, but we ask you to consider working with us at the State of Montana Department of Administration in the State Information Technology Services Division (SITSD). Our mission to provide shared IT services to support the needs of the state and citizens of Montana.  We offer an innovative and collaborative work environment where employees are valued and supported. In addition, our employees have the opportunity to be involved in some of the most exciting and innovative IT projects and initiatives in development within Montana state government. (You can learn more about SITSD here.) 

What is this career opportunity?
The Vulnerability Management Analyst supports compliance with enterprise policies, standards, and guidelines for the security of data and information technology resources for the agencies to meet their information security requirements. It provides leadership and guidance to Agencies in support of their Information Security Programs, ensures compliance with Vulnerability Management standards, and recommends corrective action for security deficiencies. The position maintains the enterprise Vulnerability Management program.

Key responsibilities include but are not limited to:

• Assess current and evolving threats and assist in developing and implementing actionable security plans and strategies with established milestones.
• Coordinate with CMDB team, application and asset owners, and other cross functional teams to ensure asset inventory is maintained and identify and address gaps or blind spots in infrastructure.
• Ensure and enforce compliance with the Enterprise Vulnerability Management program standards using Mean Time to Remediation (MTTR).
• Compile, report and track security metrics including key performance indicators and key risk indicators.
• Assist audit teams throughout the assessment and authorization process.
• Cultivate close working relationships with agency employees, outside vendors, and management.

What are we looking for?

Education and Experience: 

• Associates degree in Information Security or Technology; AND
• 3 years' experience in risk management (mid-level); OR
• Alternate combinations of education, experience, and certifications will be considered on a case-by- case basis.

Preference will be given to candidates that have:

•  Bachelors degree in Information Security or Technology; AND
• CAP, SSCP, GIAC GCLD, CISSP, CISM, or other security certifications; AND
• 2 years' experience in risk management (mid-level).

Competencies:

Knowledgeof:

• Risk Management Framework (NIST 800-37, 39, 40 and 800-53) requirements;
• Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption);
• Governance, risk, and compliance concepts and tools;
• Expertise in multiple information technology platforms (network, server, storage, cloud, programming, etc.);
• Cloud computing concepts, architecture, security, privacy, and compliance;
• Computer networking concepts and protocols, and network security methodologies; and
• Authentication, authorization, and access control methods.

Skill in:

• Using vulnerability scanning solutions like Tenable SecurityCenter or Tanium;
• Interfacing with information system owners;
• Developing security vulnerability reports and Plan of Actions and Milestones;
• Maintaining knowledge about emerging industry or technology trends;
• Reviewing system security plan documentation;
• Implementing security measures for computer or information systems;
• Testing computer system operations to ensure proper functioning; and
• Collaborating with others to resolve information technology issues.

Ability to:

• Identify systemic security issues based on the analysis of vulnerability and configuration data;
• Communicating complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means;
• Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation);
• Interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives;
• Work with Information System Owners (ISOs) to review reports on vulnerabilities and remediation efforts;
• Identify risks, prioritize those risks, and maintain a Plan of Action and Milestones for escalating and presenting those risks to system administrators, system owners, and senior leadership;
• Gather the information necessary to maintain security and establishes functioning external barriers, including firewalls, and other security measures;
• Review systems to identify potential security weaknesses, recommend improvements to remediate vulnerabilities, implement changes, and document upgrades; and
• Review security assessment reports (SAR) and assist audit teams throughout the assessment and authorization process.

Does this sound like you?

Please tell us how and why by submitting your resume and cover letter.  (Please Note: You do not need to complete the "work experience" or the "education & certifications" portion of the application process in our recruiting system.  You only need to upload the requested documentation.)

What can you expect from us in return for your hard work?

  Look here to see the additional benefits!  They include:

o   Work/life Balance

o   Health Coverage

o   Retirement plans

o   Paid Vacation and Sick Leave and Holidays

o   And more...

  Public Service Loan Forgiveness (PSLF) - Employment with the State of Montana may qualify you to receive student loan forgiveness under the PSLF.  Look here to learn more and see if you may qualify!

Other important information to be aware of.

• This position requires the successful completion of a criminal background check.
• Only online applications are accepted.  By applying online, you are able to receive updates and monitor the status of your application.