Vulnerability Management Consultant
Job Posting for Vulnerability Management Consultant at Fortress Information Security
Vulnerability Management Consultant
Fortress Information Security (Fortress) helps critical infrastructure companies identify and respond to emerging cyber threats that pose the biggest risk to their business. We leverage automation, continuous monitoring, vulnerability scanning and other powerful technology and human assets to proactively uncover and contextualize risks across your enterprise and third party ecosystem.
Our specialized team of experts are recognized leaders in industry best practices and processes — and the Fortress Platform is pre-configured to bring this expertise to your particular organization. We help industries that comprise our country’s critical infrastructure, energy, manufacturing, land and sea transportation logistics, healthcare, military and government.
The Vulnerability Management Consultant will enable cyber security solutions that combine industry-leading security technology and intelligence to deliver advanced security capabilities to clients within critical infrastructure and defense. The ideal candidate will be mission-oriented and passionate about the topic of cyber security and vulnerability management, with the ability to communicate to a wide array of stakeholders and help solve complex challenges.
The Vulnerability Management Consultant will enable cyber security solutions that combine industry-leading security technology and intelligence to deliver advanced security capabilities to clients within critical infrastructure and defense. The ideal candidate will be mission-oriented and passionate about the topic of cyber security and vulnerability management, with the ability to communicate to a wide array of stakeholders and help solve complex challenges.
Responsibilities:
- Interface with existing clients to design non-traditional security solutions to cyber security problems and optimize or expand existing solutions
- Will function as primary Fortress SME for vulnerability risk scoring algorithms
- Partner with internal and external stakeholders to enhance Fortress solutions
- Assume lead and/or support role in assigned projects ensuring projects are delivered on time, within budget, and to the satisfaction of the employee's Manager or the customer
- The consulting services aspects of this role will focus on developing an effective program design for both Fortress’ internal program as well as potential and newly signed client engagements, building processes, policies, procedures, templates, and other tools
- Design and consult on vulnerability and cyber risk scoring algorithms and associated vulnerability management processes
- Develop basic scripts and tools that enhance the vulnerability management and configuration management solution
- Consistently deliver on assigned workload, commitments, deadlines and objectives with the highest level of professionalism
- Identify threats and malicious activity and identify possible attack vectors
- Analyze current compliance processes, benchmark as needed, and provide guidance to officers, directors, and their staffs.
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Assist organizations with the design and implementation of best practice guidance, procedures, controls, and metrics that facilitates employees' ability to find and understand the external and internal compliance requirements that apply to them.
- Assist with training other cyber/network consultants in security concepts
- Be required to travel up to 25% to customer sites/some international travel
Minimum Requirements:
- Excellent verbal and written communication skills
- Security Consulting experience in support of US Government customers
- Strong understanding of US Government and Department of Defense programs, processes, and terminology
- Strong work ethic and integrity – requires team player attitude to go “above and beyond” the minimum expectations for the position
- Self-motivated and results focused; ability to strengthen the team and its mission
- Ability to successfully interface with both internal and external clients
- Ability to document and explain technical details in a concise, understandable manner
- An understanding of basic business concepts and the ability to translate technical risk into business impacts
- Ability to identify opportunities for improvement in people, process and technical domains in order to solve common business problems related to cyber security
- Experience with US government tools and frameworks used for vulnerability management and cyber security such as Tenable (ACAS), McAfee (HBSS), Forescout (C2C), Tychon and other government data sources in support of CMRS
- Experience with the family of Security Content Automation Protocol (SCAP) such as XCCDF and CCE, CPE, CVSS and CVE and a complete understanding of how CNAs work as well as the CVE ecosystem
- Experience with National Vulnerability Database (NVD), third party vulnerability datasets such as commercial databases, Google OSV, and other third party (non-NVD) vulnerability data sources
- Experience with scoring models such as OWASP Risk Rating Methodology, IWSS, EPSS, vendor specific models such as Tenable VPR and similar vulnerability and exploit predictive scoring models
- Experience working with DISA STIGs, IAVMs, IAVAs and similar concepts
- Working proficiency in general risk management concepts, particularly around information security, IT general controls, and basic audit terminology and concepts
- Fundamental understanding of data structures, CSV, JSON, ODBC connections, SQL and NoSQL based databases
- Knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, IEC 62443, SANS-CAG, DoD Directive 8510.01, DoD Instruction 8500.01, and NIST Publications, FISMA and RMF
- Fundamental understanding of IT and OT network communication protocols (For example: TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC UA, PROFINET, etc.)
- Familiarity with Unix and Windows operating systems and administrative tools
- Experience with application security vulnerabilities and associated tools and technologies
- Working experience with scripting languages such as Perl, Python or BASH
Additional Qualifications:
- Experience supporting US Department of Defense cyber security use cases with strong preference to those supporting DISA or CMRS application
- Five years’ experience in vulnerability management, solution design and enterprise implementations
- Bachelor’s or Masters degree in mathematics, computer science, information technology or engineering disciplines or equivalent experience
- Certifications authorizing DOD IAT Level 3 Required
- Certified Information Systems Security Professional (CISSP) Certifications a plus
Employment Benefits:
- Highly competitive pay structure
- Medical, dental, vision, life, short- and long-term disability insurance
- HIGHLY PROGRESSIVE accommodations for dependents and family plans
- 401(k)
- 3-weeks annual PTO
- Paid holidays
- Tuition and certification reimbursement opportunities
Employment Perks:
- We promote from within and provide great employee succession planning
- Great Ongoing Learning and Development opportunities offered for certifications and tuition reimbursement
- Employee Referral Programs
- Company Sponsored Events
- Casual dress daily
Fortress is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law.
For positions located in the US, the following conditions apply. If you are made a conditional offer of employment, you will be required to undergo a drug test. ADA Disclaimer: In developing this job description care was taken to include all competencies needed to successfully perform in this position. However, for Americans with Disabilities Act (ADA) purposes, the essential functions of the job may or may not have been described for purposes of ADA reasonable accommodation. All reasonable accommodation requests will be reviewed and evaluated on a case-by-case basis.
#LI-SR1
#LI-Remote
Turnaround Business Management Consultant
American Management Services -
Orlando, FL
Leasing Consultant
Hillpointe Corporate Management -
Davenport, FL
Leasing Consultant
Arbour Valley Management, LLC -
Leesburg, FL
Salary.com Estimation for Vulnerability Management Consultant in Orlando, FL
$105,076 to $144,297
If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution.
Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right.
Surveys & Data Sets
Sign up to receive alerts about other jobs with skills like those required for the Vulnerability Management Consultant.
Click the checkbox next to the jobs that you are interested in.
-
SAP Asap Methodology Skill
-
Income Estimation: $149,347 - $198,159
-
-
Business Analytics Skill
-
Income Estimation: $111,097 - $158,683
-
Income Estimation: $113,836 - $156,217
-
This job has expired.
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles
Skills Library
Job openings at Fortress Information Security
Fortress Information Security
Patuxent River, MD
Full Time
Fortress Information Security
Patuxent River, MD
Full Time
Not the job you're looking for? Here are some other Vulnerability Management Consultant jobs in the Orlando, FL area that may be a better fit.
We don't have any other Vulnerability Management Consultant jobs in the Orlando, FL area right now.
Vulnerability Management Administrator
RiseIT Solutions, Orlando, FL
Analyst Vulnerability Management
JetBlue, Orlando, FL