Job Information
State of Massachusetts SOC Vulnerability Management Program (VMP) Security Analyst II in Chelsea, Massachusetts
The Massachusetts Executive Office of Technology Services and Security (EOTSS) is the state’s lead office for information technology. We provide enterprise level information technology services including network management and security; computer operations; application hosting; desktop provisioning and management; and modern and responsive digital services to 40,000 internal stakeholders plus the residents, business owners and visitors to the Commonwealth of Massachusetts. EOTSS is seeking to hire a SOC Vulnerability Management Program (VMP) Security Analyst II to join the Security Operations Team. This is an exciting opportunity for an IT professional to join an exceptionally skilled team and contribute to critical statewide initiatives. The SOC VMP Security Analyst IIis responsible for providing security vulnerability scanning, reporting, tracking, remediation, and analysis through continuous evaluation and prioritization of scan results. The successful candidate will have working knowledge of application, network, and operating system security frameworks and best practices. The incumbent of this role will assist with the development and implementation of the Enterprise Vulnerability Management Program as a member of the Vulnerability Management team. The primary work location for this role will be at 200 Arlington Street Chelsea, Massachusetts 02150. The work schedule for this position is Monday thru Friday, 9AM to 5PM EST. This position would be expected to follow ahybridmodel of reporting to work that combines in-office workdays and work from home days as needed.Travel, on-call rotation, and weekend support may be required. Duties and Responsibilities: * Conduct daily assessment of internal and external vulnerabilities identified by infrastructure scans. * Evaluate, rate, and perform risk assessments on customer assets based on scan results. * Prioritizing vulnerabilities discovered along with remediation timeline(s) while working with different agencies and owners, as well as the vulnerability management team. * Send and receive notifications to responsible system owner, including customers, vendors, and internal teams of vulnerabilities within the environment. * Maintain knowledge of the threat landscape. * Provide reporting and analysis and follow up. * Provide vulnerability analysis and produce reports for management. * Participate collecting, assessing, and cataloging threat indicators. * Compile and track vulnerabilities over time for metrics purposes. * Develop and maintain strong relationships with Commonwealth customer departments and their security principals. * Provide oral and written feedback from customers’ meetings and discussions back to the VMT. Preferred Knowledge, Skills, and Abilities: * Minimum two (2) years of professional and/or practical experience in the field of information technology security providing technical guidance across systems, networks, and applications to vulnerability management teams and end users required. * Experience with systems, networks, and/or applications related to vulnerability management systems and patch management. * Ability to work with third party penetration vendors conducting network/perimeter/application pen tests, including scoping, running, working with the vendor, and post-scanning remediation efforts and deliverables. * Strong understanding and experience working with Windows and Linux desktop and network operating systems and patching. * Experience in cloud computing technologies, including software-, infrastructure and platform-as-a-service, as well as public, private, and hybrid environments (Amazon Web Services (AWS) or Microsoft Azure). * Proficient with System/Networking concepts including TCP/IP, DHCP, DNS, Subnetting, Packet tracing, Routing, VLANs, VPN, Active Directory, O365, SSL Certificates. * Knowledge of vulnerability scoring systems (CVSS/CMSS). * Experience with network, systems, and application vulnerability scanning tools (Tenable IO, Cloud Security, Attack Surface Management, Palo Alto Xpanse). * Ability to clearly communicate priorities and escalation points/procedures to other team members. * Detail oriented, organized, methodical follow up skills with an analytical thought process. * Excellent writing and presentation skills are required to communicate findings and status. * Ability to learn new technologies in a fast-paced energized environment. * Proficient with scripting (e.g. Python, JavaScript, PowerShell, PHP or Ruby), a plus * Proficient with Tenable IO, Cloud Security, Attack Surface Management, a plus * Security certifications desired, but not required. First consideration will be given to those applicants that apply within the first 14 days. Minimum Entrance Requirements: Applicants must have (A) at least two (2) years of full-time or equivalent part-time professional or practical experience in the field of information technology security, or (B) any equivalent combination of the required experience and the substitutions below. Substitutions: I. An Associate’s degree in a related field may substitute for one (1) year of the required experience. II. A Bachelor’s degree or higher in a related field may substitute for the required experience. *Comprehensive Benefits* When you embark on a career with the Commonwealth, you are offered an outstanding suite of employee benefits that add to the overall value of your compensation package. We take pride in providing a work experience that supports you, your loved ones, and your future. Want the specifics? Explore our Employee Benefits and Rewards! An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply. The Commonwealth is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity or expression, sexual orientation, age, disability, national origin, veteran status, or any other basis covered by appropriate law. Research suggests that qualified women, Black, Indigenous, and Persons of Color (BIPOC) may self-select out of opportunities if they don't meet 100% of the job requirements. We encourage individuals who believe they have the skills necessary to thrive to apply for this role. Job: Information Systems and Technology* *Organization: Exec Office of Technology Services and Security *Title: *SOC Vulnerability Management Program (VMP) Security Analyst II Location: Massachusetts-Chelsea-200 Arlington Street Requisition ID: 240009OY