SOC Vulnerability Management Program (VMP) Systems Administrator III
United States-Massachusetts-Chelsea-200 Arlington Street
Commonwealth of Massachusetts
Description
The Massachusetts Executive Office of Technology Services and Security (EOTSS) is the state’s lead office for information technology. We provide enterprise level information technology services including network management and security; computer operations; application hosting; desktop provisioning and management; and modern and responsive digital services to 40,000 internal stakeholders plus the residents, business owners and visitors to the Commonwealth of Massachusetts.
EOTSS is seeking to hire a SOC Vulnerability Management Program (VMP) Systems Administrator III to join the Security Operations Team. This is an exciting opportunity for an IT professional to join an exceptionally skilled team and contribute to critical statewide initiatives. The SOC VMP Systems Administrator III is the lead technical resource for the Vulnerability Management Program (VMP) by overseeing and managing the set-up, configuration, and implementation of vulnerability management solutions. In addition, the incumbent in this role will be responsible for providing security vulnerability scanning, reporting, tracking, remediation, and analysis through continuous evaluation and prioritization of scan results by demonstrating an ability to work across different stakeholder groups to improve overall security posture. This individual will be a key resource in driving continuous improvement of the Enterprise Vulnerability Management Program.
The primary work location for this role will be at 200 Arlington Street Chelsea, Massachusetts 02150. The work schedule for this position is Monday through Friday, 9AM to 5PM EST. This position would be expected to follow a hybrid model of reporting to work that combines in-office workdays and work from home days as needed. Travel, on-call rotation, and weekend support may be required.
Duties and Responsibilities:
- Act as a knowledge resource and subject matter expert within the Security Operations Center teams, providing guidance and thought leadership on security and operational strategies.
- Handle the preparations of security and operational reports to management on security system activities and performance.
- Guide and / or participate in security related project groups to ensure completion of projects.
- Lead information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership and architects, delivering projects in accordance with expected outcomes.
- Drive security efficiencies, enabling security team members to work on more advanced tasks with a focus on continuous improvement.
- Handle day-to-day implementation, configuration, monitoring, and operational support of hardware, software, applications, managed solutions, and service provider relationships that are used to execute the Vulnerability Management Program.
- Actively participate and/or lead security team meetings that facilitate secure design.
- Implement solutions to monitor and drive compliance with Commonwealth Information Security policies and applicable enterprise level security standards (NIST, CSP, etc.).
- Oversee research, testing, and evaluation of potential new security systems and software in order to leverage emerging technologies in the security space.
- Evaluate, rate, and perform risk assessments on customer assets based on scan results.
- Prioritize discovered vulnerabilities, along with remediation timeline(s), while working with different agencies and owners, as well as the vulnerability management team.
- Send and receive notifications of vulnerabilities within the environment to and from responsible system owners, including customers, vendors, and internal teams.
- Maintain knowledge of the threat landscape.
- Support executive level reporting as needed for the SOC and executive agencies.
- Develop and maintain strong relationships with Commonwealth customer departments and their security principals.
- May be required to be on call based on department needs.
Preferred Knowledge, Skills, and Abilities:
- Minimum five (5) years of professional and/or practical experience in the field of information technology security providing technical guidance across systems, networks, and applications to vulnerability management teams and end users required.
- Experience with Secure System Design, desktop and network operating systems, Firewall administration, and Vulnerability Management concepts and tools.
- Proven experience with cybersecurity, including compliance and risk management with a system and network security background.
- Highly technical and analytical expertise, with a background in technology design, implementation, and delivery.
- Experience in cloud computing technologies, including software-, infrastructure-, and platform-as-a-service, as well as public, private, and hybrid environments (Amazon Web Services (AWS) or Microsoft Azure).
- Self-motivated with the ability to prioritize tasks in a fast-paced environment to meet deadlines and manage competing demands, both as an individual contributor and for a team.
- Ability to maintain a high degree of professionalism and confidentiality.
- Strong verbal and written communication, both technical and non-technical, with the ability to present to all levels throughout the organization.
- Skilled in building relationships with varying levels internally to the agency, but also across the Commonwealth.
- Extensive knowledge of traditional security controls and technologies, such as Vulnerability Management solutions, Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies and application controls.
- Proficient with scripting (e.g. Python, JavaScript, PowerShell, PHP or Ruby), a plus
- DevOps background with experience in compliance obligations, a plus
- Proficient with Tenable IO, Cloud Security, Attack Surface Management, a plus
- Security certifications desired, but not required.
Qualifications
First consideration will be given to those applicants that apply within the first 14 days.
Minimum Entrance Requirements:
Applicants must have (A) at least three (3) years of full-time or equivalent part-time professional or practical experience in the field of information technology security, or (B) any equivalent combination of the required experience and the substitutions below.
Substitutions:
I. An Associate’s degree in a related field may substitute for one (1) year of the required experience.
II. A Bachelor’s degree or higher in a related field may substitute for two (2) years of the required experience.
III. A Master’s degree or higher in a related field may substitute for the required experience.
Comprehensive Benefits
When you embark on a career with the Commonwealth, you are offered an outstanding suite of employee benefits that add to the overall value of your compensation package. We take pride in providing a work experience that supports you, your loved ones, and your future.
Want the specifics? Explore our Employee Benefits and Rewards!
An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.
The Commonwealth is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity or expression, sexual orientation, age, disability, national origin, veteran status, or any other basis covered by appropriate law. Research suggests that qualified women, Black, Indigenous, and Persons of Color (BIPOC) may self-select out of opportunities if they don't meet 100% of the job requirements. We encourage individuals who believe they have the skills necessary to thrive to apply for this role.
Official Title: Security Engineer III
Primary Location: United States-Massachusetts-Chelsea-200 Arlington Street
Job: Information Systems and Technology
Agency: Exec Office of Technology Services and Security
Schedule: Full-time
Shift: Day
Job Posting: Nov 14, 2024, 3:19:28 PM
Number of Openings: 1
Salary: 98,041.84 - 143,977.60 Yearly
If you have Diversity, Affirmative Action or Equal Employment Opportunity questions or need a Reasonable Accommodation, please contact Diversity Officer / ADA Coordinator: Emily Hartmann - 6176608300
Bargaining Unit: 06-NAGE - Professional Admin.
Confidential: No
Potentially Eligible for a Hybrid Work Schedule: Yes