Analyst III, Threat & Vulnerability Management (TVM)

The Threat and Vulnerability Management (TVM) Analyst participates in reducing the risk of computing assets through the identification and assessment of network and application security vulnerabilities. The Analyst is responsible for analysis of the data generated by the vulnerability management solutions, coordination of remediation with internal stakeholders through the enterprise, and completion of day to day tasks associated with vulnerability management program. Works in partnership with all departments to integrate security controls into a cohesive architecture that sufficiently mitigates risk to the company. Develops and maintains a portfolio of TVM standards and procedures. Essential Duties & Responsibilities:

• Schedule and perform regular scanning activities of both corporate and cloud environments to identify network, host, and application security vulnerabilities
• Review security vulnerabilities across a variety of technologies and environments to identify risks to computing assets
• Provide technical vulnerability analysis and remediation options
• Lead discussions with internal stakeholders to ensure remediation efforts adhere to corporate standards
• Identify attack surface reduction opportunities through vulnerability data analysis
• Maintain and compose operational process documentation regarding program execution
• Provide mentorship and training to junior members to the team on vulnerability analysis & risk ratings
• Performs other related duties as assigned.

• Bachelor's degree with 5 years of security or technology related experience, 7 years preferred
• Professional certifications, such as Security+, CEH, or CISSP, desirable
• Knowledge of IPv4 network architecture and core services
• Knowledge of web application development and architecture
• Knowledge of network security controls
• Knowledge of vulnerability management
• Experience with interactive and dynamic application security testing tools
• Experience with vulnerability management (VM) tools
• Familiarity with OWASP Top 10, WASC Threat Classification, and CVE
• Familiarity with NIST SP 800-53
• Excellent analytical, decision-making, and problem-solving skills
• Must be able to multitask in a fast-paced environment with focus on timeliness, documentation, and communications with peers and business users alike
• Ability to communicate well, both verbally and in writing, to technical and non-technical audiences of various levels within Maximus or outside the organization (executives, auditors, clients, etc.)
• Results oriented, business focused, and successful at interfacing across multiple organizational units