Vulnerability Assessment Security Engineer

Req ID:304742

NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.

We are currently seeking a Vulnerability Assessment Security Engineer to join our team in Rockville, Maryland (US-MD), United States (US).

NTT DATA is seeking a highly motivated, flexible, organized, and detail oriented Information Security Engineer - Vulnerability Assessment to join our dynamic team at Rockville, MD. If you want to learn, grow, and help then this is the job for you. We support a project/customer that "seeks to better understand, treat, and ultimately prevent infectious, immunologic, and allergic disease seeks fundamental knowledge about the nature and behavior of living systems and the application of that knowledge to enhance health, lengthen life, and reduce illness and disability." What you do matters and has a significant impact on the medical and scientific communities we serve. Your work here really matters and has a real impact.

Responsibilities
This role will be primarily responsible for performing assessments of systems and networks within the network environment to identify where those systems/networks deviate from acceptable configurations or policies, and for measuring the effectiveness of defense-in-depth architecture against known/detected vulnerabilities as per the federal cybersecurity standards & guidelines.

* Analyze an organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
* Support authorized penetration testing on enterprise network assets.
* Prepare reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions;
* Perform vulnerability analysis; Measure the effectiveness of controls against known vulnerabilities.
* Work with stakeholders (system administrators and owners) to manage risks\vulnerabilities
* Perform technical (evaluation of technologies) and non-technical (evaluation of people and operations) impact\risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, supporting infrastructure, and applications).
* Identify systemic security issues based on the analysis of vulnerability and configuration data
* Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes).
* Ensure remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.; Provide clear updates to management on vulnerabilities; Investigate, document, and report on the status and emerging trends
* Maintain up-to-date vulnerability profiles, including respective detection and countermeasures
* Participate in industry task forces and working groups where appropriate to understand current and emerging vulnerabilities to stay up to date

Job Requirements
* Minimum 8 years' experience in Information Security is required along with a minimum of 4 years of hands-on experience in at least 4 of the following:

- Application of Risk management frameworks and processes
- Use of vulnerability management tools; AppScan, Tenable, Invicti, ForeScout and DbProtect preferred
- Creating\improving risk management policies, procedures, and operations
- Participating in cross-functional efforts for managing organization-wide risks
- Conducting Penetration Tests using Kali and\or CoreImpact
- Collecting, organizing, analyzing and reporting updates, alerts, advisories, and bulletins
- Use of industry-standards and widely accepted analysis principles and methods

Must know
- Risk management processes (e.g., methods for assessing and mitigating risk).
- Cybersecurity principles, security models, organizational requirements (w.r.t. confidentiality, integrity, availability, authentication, non-repudiation), cyber threats, risks and vulnerabilities, cryptography and cryptographic key management concepts, host/network access control mechanisms (e.g., ACLs), network access, identity, & access management (e.g., PKIs), Computer networking concepts and protocols, and network security methodologies.
- Ethical hacking principles, general attack stages; Specific operational impacts of cybersecurity lapses; programming language structures and logic.
- Basic system administration, network, and operating system hardening techniques

Must be

- Able to communicate, verbally and in writing, complex technical issues with simplicity & clarity
- Strong Interpersonal skills, excellent attention to detail and analytical skills
- Able to exercise discretion and maintain confidentiality
- Proficient in reporting and answering analytical questions using vulnerability data

Education/Certifications

- Applicants selected will be subject to a Public Trust background security investigation and may need to meet eligibility requirements for access to sensitive information.
- A BA or BS degree in MIS, CS, or related cybersecurity discipline (Masters preferred)
- Industry standards such as CEH, CRISC, GRCP or related GIAC (preferred but not required)

#INDPUBLIC

#LI-PS

About NTT DATA

NTT DATA is a $30 billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long term success. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies.Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure and connectivity. We are one of the leading providers of digital and AI infrastructure in the world. NTT DATA is a part of NTT Group, which invests over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. Visit us atus.nttdata.com

NTT DATA endeavors to make https://us.nttdata.comaccessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at https://us.nttdata.com/en/contact-us.This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click here. If you'd like more information on your EEO rights under the law, please click here. For Pay Transparency information, please click here.