Lead Web Application Vulnerability Services Specialist
Q - Z, Richmond (City), Virginia
Full Time Senior-level / Expert USD 110K - 125K
Virginia.gov
Title: Lead Web Application Vulnerability Services Specialist
State Role Title: Info Technology Specialist III
Hiring Range: $110,000 - $125,000
Pay Band: 6
Agency: VA Information Tech Agency
Location: VA Information Technologies
Agency Website: www.vita.virginia.gov
Recruitment Type: General Public - G
Job Duties
The Virginia Information Technologies Agency (VITA) is excited to offer a competitive opportunity to serve as a Lead Web Application Vulnerability Services Specialist with the Threat Intelligence and Vulnerability Management Team.
This position leads the team’s main mission to scan all Commonwealth executive branch web applications and websites for vulnerabilities. Other duties include assisting agencies in the remediation of discovered vulnerabilities, working technical proof-of-concepts to assist in detection engineering, providing feedback for remediating at scale in the enterprise, and working with APIs to automate processes.
At VITA, we are driven by our mission to deliver sustainable and effective results through innovative, efficient, and secure services. Our vision is to be Virginia's most customer-focused technology partner, dedicated to empowering the Commonwealth by connecting, protecting, and innovating.
Be a part of our transformative journey. Apply now and contribute to shaping the future of technology in Virginia!
Minimum Qualifications
Experience with web application vulnerability scanning, identification, and remediation
Experience evaluating web application security controls and presenting findings in verbal and written reports.
Experience in one or more of the following: software lifecycle development, system administration of both Windows- and Linux-based platforms, administration of web servers (IIS, Apache, Nginx, etc.), automation with scripting languages such as PowerShell, Python, Bash, etc.
Experience working in a fast-paced environment and acquiring new skills/knowledge to meet customer needs.
Excellent communication and presentation skills required.
Understanding of LAN/WAN connectivity and TCP/IP protocol architecture
Working knowledge of network protocols: ICMP, DNS, SMB, LDAP, HTTP(S), SSH
Working knowledge of SSO Authentication protocols: SAML, OAuth, OIDC
Experience handling APIs with Python.
Experience with Docker.
Experience manipulating web traffic with proxy software (Burp, OWASP ZAP, etc.).
Experience with Web App scanning software (Qualys, Acunetix, Greenbone, Rapid7, etc.).
Additional Considerations
Experience with Tenable Nessus.
Experience performing vulnerability management.
Experience writing JavaScript.
Experience with cloud-based platforms (AWS, Azure, OCI).
Security certification (GIAC, ISC2, ISACA, CompTIA, EC-Council, etc.).
Penetration testing certification (OSCP, GWEB, GWAPT, PenTest+, GXPN, CPT, CEPT).
Cloud-based certifications (AWS-CCP, MS Azure Fundamentals, Cloud Security Alliance CCSK, ISC2 CCSP).
Special Instructions
You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.
Contact Information
Name: VITA Human Resources
Phone: VITAhr@vita.virginia.gov
Email: VITAhr@vita.virginia.gov
In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at 800-552-5019.
Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022 - February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.
Tags: APIs Application security Automation AWS Azure Bash Cloud CompTIA DNS Docker GIAC GWAPT GXPN ISACA JavaScript LDAP Linux Nessus Nginx OSCP OWASP Pentesting PowerShell Python Qualys SAML Scripting SSH SSO TCP/IP Threat intelligence Vulnerabilities Vulnerability management Windows
Perks/benefits: Competitive pay