
Principal Consultant - Senior Vulnerability Management Engineer/Analyst

NYSTEC
United States, New York, New York
Apr 01, 2025
Description
About Us:

NYSTEC is a nonprofit technology consulting company, advising agencies, organizations, institutions, and businesses since 1996. We're independent and vendor-neutral, so we have our clients' best interests at heart. At NYSTEC, we know that we succeed when individuals and teams flourish personally and professionally, so our benefits and perks support that mindset.


About the Role:

As a senior vulnerability management engineer/analyst in NYSTEC's Cybersecurity and Data Privacy Practice, you will collaborate with team members to conceptualize, deliver, and support our clients through today's ever-changing cybersecurity landscape. NYSTEC is considered a trusted advisor, partner of choice, and employer of choice. We believe that every interaction is an opportunity to deliver exceptional service that empowers client success.

Serving as a senior vulnerability management engineer/analyst, your day-to-day role as a NYSTEC consultant will include understanding the technical details of vulnerabilities, explaining details to both technical and non-technical stakeholders, assessing impacts and providing remediation support.

NYSTEC is looking for a dedicated and qualified technical resource to assist a New York City (NYC) organization with day-to-day vulnerability management activities.

This role will be performed onsite in NYC.


Key Responsibilities

  • Use tools such as Tenable and Rapid 7 to discover vulnerabilities (including scans, alert setup, etc.).
  • Analyze the security reports from Rapid 7, Tenable, Arista, Armis, Splunk, and SecureWorks, and resolve/report vulnerabilities.
  • Analyze identified vulnerabilities (including zero-day vulnerabilities) and identify false positives.
  • Identify impacted systems, determine organizational impact, recommend compensating and mitigating controls, and prioritize remediation efforts.
  • Support and track remediation efforts with organizational staff, and interact with internal and external stakeholders.
  • Track and validate the remediation of patches to systems and applications (security regression testing).
  • Assist with reviewing and interpreting the results of regular internal and external vulnerability scans.
  • Recommend mitigation controls and, if required, submit POAMs.
  • Perform correlation searches in Splunk.
  • Assist with monitoring and analyzing data from security systems (such as intrusion detection/prevention [IDS/IPS] logs) to determine any patterns indicating a compromised system(s).
  • Understand patch management tools and processes.
  • Track the status of all vulnerability remediation activities in the FDNY ServiceNow and SharePoint systems.


About you:
Required Qualifications

  • Experience with tools including, but not limited to, CrowdStrike, Arista, Armis, Splunk, SecureWorks, Tenable, and Rapid 7.
  • Ability to understand the technical details of vulnerabilities, to explain the details to a technical and nontechnical audience, and to describe how they impact the organization.
  • Deep knowledge of operating systems and network protocols.
  • Exceptional technical understanding of vulnerabilities and attacker tools and methods.
  • Experience with vulnerability discovery techniques and tools.
  • Knowledge of ServiceNow.
  • Experience with IDS/IPS systems and analyzing threat logs.
  • Experience with hands-on testing to confirm vulnerabilities and their remediation.
  • Ability to work in a team setting.
  • Proficient technical, communication, writing, and persuasion skills.


Preferred/Desired Qualifications

  • Experience analyzing SOC alerts.
  • Experience with web application testing and tools.


Education and Experience

  • A bachelor's degree in cybersecurity or a related field of study and eight or more years of experience, including five years of experience with vulnerability assessments and management, penetration testing, security assessments and monitoring solutions.
  • An equivalent combination of advanced education, training, and/or experience will be considered.


The pay range for this position is $121,000 to $166,000. When determining compensation, we analyze and carefully consider several factors, including skill set, experience, location, and job-related qualifications.

It is NYSTEC's policy to provide equal employment opportunity (EEO) to all individuals, regardless of actual or perceived race, color, creed, religion, sex, or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), age, national origin, ancestry, citizenship status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, military service and veteran status, sexual orientation, marital status, or any other characteristic protected by local, state, or federal laws and ordinances. NYSTEC is strongly committed to this policy and believes in the concept and spirit of the law.

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact recruitment@nystec.com if you require a reasonable accommodation to apply for or to perform this job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

Applicants must be authorized to work in the United States without the need for visa sponsorship now or in the future.

Learn more about NYSTEC by visiting www.nystec.com.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights notice from the Department of Labor.
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)