HHS Tenable Administrator

Rockville, MD - USA

Monthly Salary: Not Disclosed

Posted on: 5 days ago

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Tenable Administrator to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance.
Qualifications:

Bachelors degree in Cybersecurity Information Technology or related field.
Minimum 57 years of experience supporting enterprise vulnerability management programs.
Hands-on experience administering Tenable platforms in large complex environments.
Strong knowledge of vulnerability management standards CVSS and remediation best practices.
Experience integrating vulnerability data with SOC SIEM and eGRC platforms.
Knowledge of NIST SP 800-53 NIST SP 800-30 NIST SP 800-137 and federal vulnerability management requirements.
Strong analytical troubleshooting and documentation skills.
Active Tenable Certified Administrator certification
Security CISSP or CEH preferred.

Duties:

Administer configure and maintain Tenable platforms including Nessus and Nessus Agents.
Design and manage authenticated and unauthenticated vulnerability scans across servers endpoints network devices databases applications and cloud environments.
Ensure proper deployment health and coverage of scanning agents and sensors across the HRSA enterprise.
Maintain scan schedules credentials policies and exclusions in accordance with HRSA standards.
Analyze scan results to ensure accuracy eliminate false positives and validate vulnerability findings.
Support vulnerability prioritization using CVSS scores Known Exploited Vulnerabilities (KEV) and threat intelligence.
Integrate Tenable with SIEM eGRC (RSA Archer) ticketing systems and asset inventories.
Develop and maintain vulnerability dashboards metrics and reports for ISSOs system owners and leadership.
Support remediation tracking by providing scan evidence and validation for POA&M closure.
Perform configuration and compliance scans using DISA STIGs and CIS Benchmarks.
Support penetration testing and red team activities by providing vulnerability intelligence.
Maintain SLAs for vulnerability scan requests reporting and remediation verification.
Develop and maintain Tenable SOPs workflows and technical documentation.
Support audits OIG reviews and data calls related to vulnerability management activities.
Coordinate with system owners ISSOs SOC analysts and engineers to resolve scanning issues and reduce risk.

Required Experience:

Senior IC

Bachelors degree in Cybersecurity Information Technology or related field.
Minimum 57 years of experience supporting enterprise vulnerability management programs.
Hands-on experience administering Tenable platforms in large complex environments.
Strong knowledge of vulnerability management standards CVSS and remediation best practices.
Experience integrating vulnerability data with SOC SIEM and eGRC platforms.
Knowledge of NIST SP 800-53 NIST SP 800-30 NIST SP 800-137 and federal vulnerability management requirements.
Strong analytical troubleshooting and documentation skills.
Active Tenable Certified Administrator certification
Security CISSP or CEH preferred.

Duties:

Administer configure and maintain Tenable platforms including Nessus and Nessus Agents.
Design and manage authenticated and unauthenticated vulnerability scans across servers endpoints network devices databases applications and cloud environments.
Ensure proper deployment health and coverage of scanning agents and sensors across the HRSA enterprise.
Maintain scan schedules credentials policies and exclusions in accordance with HRSA standards.
Analyze scan results to ensure accuracy eliminate false positives and validate vulnerability findings.
Support vulnerability prioritization using CVSS scores Known Exploited Vulnerabilities (KEV) and threat intelligence.
Integrate Tenable with SIEM eGRC (RSA Archer) ticketing systems and asset inventories.
Develop and maintain vulnerability dashboards metrics and reports for ISSOs system owners and leadership.
Support remediation tracking by providing scan evidence and validation for POA&M closure.
Perform configuration and compliance scans using DISA STIGs and CIS Benchmarks.
Support penetration testing and red team activities by providing vulnerability intelligence.
Maintain SLAs for vulnerability scan requests reporting and remediation verification.
Develop and maintain Tenable SOPs workflows and technical documentation.
Support audits OIG reviews and data calls related to vulnerability management activities.
Coordinate with system owners ISSOs SOC analysts and engineers to resolve scanning issues and reduce risk.