Job Description :
Job Title: Senior Cybersecurity Analyst

Location: Ewing Township, NJ

Duration: 12Months

Visa Status: USC

Experience Required:

A minimum of Five (5) years of network and information security experience.

Experience Preferred:

Relevant security certifications preferred (i.e. CISSP, CRISC, CEH, CISA, CISM, GPEN, etc

Position Description:

Responsible for developing the effectiveness and leading the activities of the NJCCIC Vulnerability Management Team

Responsible for researching, implementing, and configuring vulnerability assessment tools

Supervise and conduct infrastructure and application vulnerability assessments and penetration testing using manual testing techniques, scripts, commercial and open source tools

Analyze results and engage with information technology and security teams in order to resolve identified security vulnerabilities and deficiencies.

Identify and resolve any false positive findings in assessment results.

Produce metrics and reporting on the state of Executive Branch and individual agency security infrastructures, applications, and operations.

Oversee Remediation Activities including: - Manage tracking and remediation of vulnerabilities by leveraging agreed upon action plans and timelines with vendors and support teams. - Schedule and facilitate meetings with vendors and support teams to review remediation status. - Validate remediation by reviewing vulnerability results and providing status updates - Recommend appropriate policy, standards, process and procedural updates as part of comprehensive remediation solutions. - Help key stakeholders with vulnerability remediation (researching how to fix, what patch to apply, what configuration change(s) to make, etc

Actively participate in information security compliance reviews, audits and the remediation and mitigation of identified risks

Drive continuous improvement of the cyber security program through identification of risk, recommendations for improvements, automation of alerts and remediation, and communication with key information security and information technology partners.

Work with cross-functional teams to deliver an enterprise security posture that evolves with business, technological, and threat landscape changes

Develop and implement hunt techniques for the identification of threat actors across Executive Branch environments

Provide subject matter expertise, leadership and coordination for the Vulnerability Management Team •Assist with incident response activities as appropriate including triage, root cause analysis, kill chain analysis, escalations, notifications, communication, etc., and in accordance with the State’s Information Security Incident Response Plan

Mentor and train other employees to improve their skills and effectiveness

Assist with the development and management of the cybersecurity budget

Other information security duties as assigned

Skills Required:

Proven ability to perform infrastructure and application vulnerability assessments and penetration testing using manual testing techniques, scripts, commercial and open source tools

Experience in Security metrics reporting demonstrating risk reduction, trending and overall security posture of the company in terms of vulnerability management

Experience in other network infrastructure security technologies (DLP, IDM, SIEM, Proxy, IDS/IPS, Firewalls, PKI, Multifactor authentication etc is a plus

Experience reviewing 3rd party security reports (SSAE16 SOC 1 and 2, penetration testing reports, SIG) against industry security standards (CSA, NIST, CIS, OWASP) as part of an overall vendor management program.

Knowledge of system and application security threats and vulnerabilities, current and emerging threats/threat vectors, server and client operating systems (Windows, Unix, Mac OSX

Strong knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption), intrusion detection methodologies and techniques for detecting host- and network-based intrusions via intrusion detection technologies.

Extensive experience with risk management processes, including steps and methods for assessing risk

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, covert channel, replay, return-oriented attacks, malicious code

Extensive implementation experience with security and networking architecture, networking protocols, network security design, wireless security, intrusion prevention/detection, and firewall architecture.

Specific product experience that is desirable includes: Tenable Nessus, Rapid7 Nexpose and Metasploit, IBM Appscan, Burpsuite, Wireshark, etc.

Knowledge of security frameworks including NIST, ISO 27001/2, etc.

Proficiency in Microsoft software: Outlook, Word, Excel, PowerPoint, and Visio

Strong written and verbal communication skills

Must demonstrate effective, decision making, results delivery, team building, and the ability to stay current with relevant technologies, security tools and practices

Ability to manage multiple projects, priorities and deadlines

Ability to mentor other employees to improve their skills and effectiveness.

Ability to design, resource, status, and complete projects on time and on budget independently, with minimal supervision.

Demonstrated initiative, customer orientation, and team work competencies

Adaptability, flexibility and ability to work as part of a team or in an individual capacity

Education Required:

Bachelor Degree in computer science, engineering, information security or an equivalent combination of education, training, and experience

Client : State of NJ