Vulnerability Management Analyst - Information Security Specialist 2

Full Job Description

If you are looking to further your IT security career, we are looking for you!

Join the Enterprise Information Security Office as a Vulnerability Management Analyst (Information Security Specialist 2) where you will serve as the primary conductor of vulnerability scanning and vulnerability management.

Work involves implementation, deployment and use of host and application scanning technologies.

Do not miss this opportunity to actively participate in actions that reduce the threat landscape and help reduce risk to the Commonwealth and its public service data.

Requirements

As a Vulnerability Management Analyst, you will be responsible for ensuring every asset with an IP address receives a scan or assessment based on Commonwealth and agency specifications.

Work involves troubleshooting problems that may arise from scans or from scans not working appropriately, reviewing network configurations to ensure all assets receive an appropriate scan, and managing network and cloud-based scanners and agents.

Our team will rely on you to actively search out assets that are not being scanned and ensure future scans address the assets or networks in question.

You can expect to review data returned from scans and from other sources to reduce vulnerabilities and risk to the Commonwealth.

This position provides executive and technical reports to system and application owners. You will have the opportunity to assist other analysts that are involved with application-level scanning.

This is in the form of SAST (static analysis security testing), SCA (software composition analysis) and DAST (dynamic application scanning technology) scanning technologies.

Attending meetings as a subject matter expert in the field of vulnerability scanning or vulnerability management will be included in your duties.

Interested in learning more? Additional details regarding this position can be found in the position description.

Work Schedule and Additional Information:

• Full-time employment
• Work hours are 8:00 AM to 5:00 PM, Monday - Friday, with 60-minute lunch.

Telework: You may have the opportunity to work from home (telework) part-time. Position will be required to work in the office two days per week.

In order to telework, you must have a securely configured high-speed internet connection and work from an approved location inside Pennsylvania.

If you are unable to telework, you will have the option to report to the headquarters office in Harrisburg. The ability to telework is subject to change at any time.

Additional details may be provided during the interview.

• Salary: In some cases, the starting salary may be non-negotiable.
• You will receive further communication regarding this position via email. Check your email, including spam/junk folders, for these notices.

Qualifications

QUALIFICATIONS

Minimum Experience and Training Requirements:

• One year as an Information Security Specialist 1 (Commonwealth job title or equivalent Federal Government job title, as determined by the Office of Administration); or
• Three years of experience performing technical work in information technology security, and an associate’s degree in any information technology field; or
• One year of experience performing technical work in information technology security, and a bachelor’s degree in any information technology field; or
• An equivalent combination of experience and training.

Additional Requirements:

• Must possess three or more years of full-time professional experience with vulnerability scanning or management of vulnerability scan data.
• Must possess at least one of these Armis certifications: Foundations, ASQ Basics, ASQ Advanced, Devices and Policies Risk, Tenable One Exposure Management Platform or Tenable Vulnerability Management.
• You must meet the PA residency requirement. For more information on ways to meet PA residency requirements, follow the link and click on Residency.
• You must be able to perform essential job functions.

Legal Requirement:

• You must pass a background investigation and meet Criminal Justice Information Services (CJIS) compliance requirements.
• A conditional offer of employment may be contingent upon successful completion of a Pennsylvania State Police background check.

How to Apply:

Resumes, cover letters, and similar documents will not be reviewed, and the information contained therein will not be considered for the purposes of determining your eligibility for the position.

Information to support your eligibility for the position must be provided on the application (i.e., relevant, detailed experience/education).

If you are claiming education in your answers to the supplemental application questions, you must attach a copy of your college transcripts for your claim to be accepted toward meeting the minimum requirements. Unofficial transcripts are acceptable.

Your application must be submitted by the posting closing date. Late applications and other required materials will not be accepted.

Failure to comply with the above application requirements may eliminate you from consideration for this position.

All application materials and interview responses must reflect the applicant’s own experience, qualifications, and work. Applicants may use generative AI tools for preparation purposes only.

Use of AI to misrepresent or falsify information, or to assist during interviews, is not permitted. Review the Guidance for Generative AI Tools & Job Seekers for additional information.

Veterans:

• Pennsylvania law (51 Pa. C.S. §7103) provides employment preference for qualified veterans for appointment to many state and local government jobs. To learn more about employment preferences for veterans, go to www.pa.gov/agencies/employment/how-to-apply.html and click on Veterans.

Telecommunications Relay Service (TRS):

• 711 (hearing and speech disabilities or other individuals).

If you are contacted for an interview and need accommodations due to a disability, please discuss your request for accommodations with the interviewer in advance of your interview date.

The Commonwealth is an equal employment opportunity employer and is committed to a diverse workforce.

The Commonwealth values inclusion as we seek to recruit, develop, and retain the most qualified people to serve the citizens of Pennsylvania.

The Commonwealth does not discriminate on the basis of race, color, religious creed, ancestry, union membership, age, gender, sexual orientation, gender identity or expression, national origin, AIDS or HIV status, disability, or any other categories protected by applicable federal or state law.

All diverse candidates are encouraged to apply.

Additional Information

• Completing the application, including all supplemental questions, serves as your exam for this position. No additional exam is required at a test center (also referred to as a written exam).
• Your score is based on the detailed information you provide on your application and in response to the supplemental questions.
• Your score is valid for this specific posting only.
• You must provide complete and accurate information or:
  • your score may be lower than deserved.
  • you may be disqualified.
• You may only apply/test once for this posting.
• Your results will be provided via email.