Cyber Command Vulnerability Management Specialist 4
Cyber Command Vulnerability Management Specialist 4
Posted on :
10-07-2025
Employer Active
1 Vacancy
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Share
Send me jobs like this
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Jobs by Experience
5years
Monthly Salary
Not Disclosed
Salary Not Disclosed
Vacancy
1 Vacancy
Posted on :
10-07-2025
Job Description
Job Title: Cyber Command Vulnerability Management Specialist 4
Location: Brooklyn NY 11201
Note: Hybrid: 3 days per week in office at 11 MetroTech Center 5th Floor Brooklyn NY 11201 / 2 days per week remote
Job Description:
- The Threat Management - Vulnerability Management Specialist MWBE is essential to OTI Cyber Commands Vulnerability Management program and its ability to defend City systems from cyber threat including direct support of public safety revenue generating and City operations that provide everyday services to citizens.
- The resource will contribute to OTI Cyber Command s ability to issue timely vulnerability notifications and prioritized system patching info. Without timely vulnerability notification and patching the City cannot effectively adjust its defensive controls and reduce it s attack surface resulting in the increased likelihood of cyber events that may require costly remediation efforts.
- The threat to the City s attack surface has only continued to grow due to a 40% increase of vulnerabilities in the technology used across the City agencies. These vulnerabilities are leveraged by attackers to commit malicious events such as information theft and ransomware.
VM requires this additional MWBE resource to address:
Current staffing shortage
Increased capacity needs due to vulnerability increases from industry wide 40% increase agency scanner and agent deployment container scanning.
SCOPE OF SERVICES
- The Cyber Command Threat Management division within OTI requires a Vulnerability Management Specialist to serve as a subject matter expert for vulnerability management: Tasks
Research analyze and brief management and team members on relevant Risk CVE s CVSS Vector Strings NVD Mitre attack vectors and mitigation for various technologies
Design architect and build Rapid7 vulnerability management scanning infrastructure and tools
Manage configure and conduct Vulnerability Management scans in Rapid7 across various networks
Conduct vulnerability management analysis through industry research deep analysis generating of reports and dashboards in Rapid7 to accurately assess and prioritize risk
Evaluate security vulnerabilities assess risk and impact develop mitigation strategies and implement remediation
Present succinct technical briefings to team members and customers for intel research risk assessment CVE s vendor hardware/software industry trends
Create scripts utilizing Python PowerShell and others to automate vulnerability management tasks
The ability to automate detection reporting and tracking of vulnerabilities identified
Create deep analysis and reports around vulnerability management utilizing Rapid7 dashboards and reports scripts Excel and PowerPoint
Travel within NYC for various projects when necessary
MANDATORY SKILLS/EXPERIENCE
Note: Candidates who do not have the mandatory skills will not be considered
At least 8 years of experience in Cybersecurity including vulnerability management scanning tools vulnerability assessments attack surface management scripting vulnerability intel analysis vulnerability management scan result analysis Excel
Strong knowledge of CVE s CVSS Vector Strings NVD Mitre attack vectors and mitigations
Experience with the design architect and build of vulnerability management scanning infrastructure and tools specifically Rapid7; extensive hands-on experience conducting Rapid7 vulnerability scans across various networks; experience conducting Rapid7 vulnerability management analysis through reports and dashboards to accurately identify risk
Experience evaluating security vulnerabilities assessing risk and impact developing mitigation strategies and implementing remediation
Experience conducting intel research around CVE s vendor hardware/software vulnerabilities and presenting succinct technical overviews to team members and customers
Extensive experience with scripting such as Python and PowerShell to automate vulnerability management tasks
Extensive experience with Excel especially for performing data analysis through VLookup and Pivot Tables
DESIRABLE SKILLS/EXPERIENCE:
Provide oral and written reports on vulnerability risk to the team and possibly agencies technical stakeholders
Ability to evaluate the current threat landscape that includes tactics techniques and procedures
Work with agencies to evangelize the OTI Cyber Command program around areas of cybersecurity posture enhancement risk reduction attack surface management vulnerability management scanning tool performance scan results credentialed scans triage scan performance issues socialize risk and remediation and other vulnerability management issues
Experience using Tableau for reporting and analysis purposes
Strong background with next generation firewall products intrusion detection systems DMZ IPSec DNS SMTP HTTP VPN proxies etc.
Knowledge of security best practices across multiple platforms such as Microsoft Windows VMWare Linux VPN Cisco IOS and Mobile OS Android/Apple IOS.
Knowledge of public-key cryptography understanding of encoding encryption and hashing techniques
Knowledge of security best practices: NIST CIS Cisco Juniper Palo Alto Fortinet Checkpoint F5 Microsoft Unix/Linux etc.
Ability to analyze Cybersecurity documentation including security policies plans and procedures.
Extensive experience with Windows and Linux Servers
Exceptional written and oral communication skills
Exceptional organizational and analytical skills
Certifications such as Certified Information Systems Security Professional (CISSP) Certification Security Essentials Certification (GSEC) Certified Intrusion Analyst (GCIA) Certified Incident Handler (GCIH) Certified Ethical Hacker (CEH) Certified Penetration Tester (CWAPT)
If you are: bright motivated skilled a difference-maker able to get things done work with minimum direction
enthusiastic a thinker able to juggle and multi-task communicate effectively and lead then
we would like to hear from you. We need exceptionally capable people for this role for our client
so get back to us and tell us why you think you are a fit.
About Us:
Since 2000 Tri-Force Consulting Services () has been an MBE/SDB certified IT Consulting
firm in the Philadelphia region. Tri-Force specializes in IT staffing software development (web and mobile apps)
systems integration data analytics system automation cybersecurity and cloud technology solutions for government
and commercial clients. Tri-Force works with clients to overcome obstacles such as increasing productivity
increasing efficiencies through automation and lowering costs. Our clients benefit from our three distinguishing
core values: integrity diligence and technological excellence.
Tri-Force is a six-time winner among the fastest-growing companies in Philadelphia and a four-time winner on the
Inc. 5000 list of the nations fastest-growing companies.
2-3 years of experience in cloud engineering and infrastructure support. Hands-on experience with cloud architecture, deployment, and migration in AWS and Azure. Strong networking knowledge and enterprise IT infrastructure management. Scripting and automation skills (e.g., PowerShell, Bash, Python). Understanding of IT security principles, especially in government or regulated environments. Knowledge of ITIL and DevOps best practices. Strong analytical, troubleshooting, and communication skills. Experience working with or within public sector/government agencies is a plus.
Education
Knowledge of ITIL and DevOps best practices. Strong analytical, troubleshooting, and communication skills.
Employment Type
Full Time
Key Skills
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
