Vulnerabililty Management Consultant

Role Overview:

We are seeking a seasoned Vulnerability Management Consultant to lead and enhance our organization's vulnerability management program. This role involves identifying, assessing, prioritizing, and remediating security vulnerabilities across our IT infrastructure, ensuring alignment with industry best practices and compliance frameworks. The candidate should also be familiar with healthcare-specific regulations such as HIPAA, HITECH, and HITRUST.

The ideal candidate will possess a strategic mindset, technical proficiency, and the ability to collaborate across departments, while also being able to work independently to fortify our client's security posture.

This position is within the metropole of New York, with the flexibility to travel on-site as needed. Will consider remote.

Vulnerability Identification & Assessment

• Conduct regular vulnerability scans using tools such as Nessus, Qualys, or Rapid7.
• Analyze scan results to identify potential security weaknesses.
• Maintain an up-to-date inventory of assets to ensure comprehensive coverage.

Risk-Based Prioritization

• Evaluate vulnerabilities using the Common Vulnerability Scoring System (CVSS) and other risk assessment methodologies.
• Prioritize remediation efforts based on potential impact and exploitability.

Remediation & Mitigation

• Collaborate with IT and development teams to remediate identified vulnerabilities.
• Implement mitigation strategies when immediate remediation is not feasible.
• Track remediation efforts to ensure timely resolution.

Program Development & Enhancement

• Design and implement a structured vulnerability management lifecycle.
• Integrate automation and orchestration to streamline processes.

Compliance & Reporting

• Ensure practices comply with frameworks such as NIST RMF, NIST SP 800-53, NIST SP 800-40, ISO/IEC 27005, and ITIL.
• Prepare detailed reports for stakeholders.

Stakeholder Collaboration

• Engage with cross-functional teams to promote security awareness.
• Provide guidance and training on vulnerability management.

Qualifications

Education & Experience

Bachelor's degree in Computer Science, Information Security, or a related field. Number of years of experience will also be considered.

Minimum of 5 years of experience in cybersecurity, with a focus on vulnerability management.

Certifications

Relevant industry standard certifications such as CISSP, CISM, or CompTIA Security+.

Technical Skills

• Experience with Nessus, Qualys, Rapid7 InsightVM, OpenVAS.
• Familiarity with Burp Suite, OWASP ZAP.
• Manual testing techniques to validate scan results.
• Expertise with CVSS, CVE analysis.
• Threat modeling to understand attack vectors.
• Understanding of NIST RMF, NIST SP 800-53, NIST SP 800-40, ISO/IEC 27001/27002, ITIL.
• Familiarity with HIPAA, PCI DSS, and GDPR requirements.
• Knowledge of Windows, Linux, Unix, including system hardening.
• Understanding of TCP/IP, DNS, HTTP/S.
• Proficiency in Python, PowerShell, Bash.
• Integration of scanning tools into CI/CD pipelines.
• Experience with AWS, Azure, GCP and native security tools.
• Familiarity with Docker, Kubernetes, or related container security tools.
• Experience with Splunk, LogRhythm, QRadar.
• Ability to correlate vulnerability data with security events.