SOC Vulnerability Management Program Security Analyst
Chelsea, MA, USA
USD 82,752.02-123,455.02 / year
Description
The Executive Office of Technology Services and Security (EOTSS) is the lead enterprise technology organization for the Commonwealth of Massachusetts. Charged with driving the ongoing alignment of business and technology across the Commonwealth’s Executive Branch, EOTSS oversees and manages the enterprise technology, digital infrastructure and services, as well as the Commonwealth Security Operations Center and an enterprise Standard Operating Environment that includes an information security and risk management framework for over 125 state agencies and over 43,000 state employees. We directly serve our constituents by providing digital services and tools that enable taxpayers, drivers, businesses, visitors, families and other citizens to do business with the Commonwealth in a way that makes every interaction with government easier, faster, and more secure.
Our Mission: We provide technology leadership across the Commonwealth to enhance the quality of public service and foster positive community outcomes.
EOTSS is seeking to hire a SOC Vulnerability Management Program Security Analyst II to join the Security Operations Team. This is an exciting opportunity for an IT professional to join an exceptionally skilled team and contribute to critical statewide initiatives. The SOC VMP Security Analyst II is responsible for providing security vulnerability scanning, reporting, tracking, remediation, and analysis through continuous evaluation and prioritization of exposures. The successful candidate will have working knowledge of application, network, and operating system security frameworks and best practices. The incumbent of this role will assist with the development and implementation of the Enterprise Vulnerability Management Program as a member of the Vulnerability Management team
The primary work location for this role will be at 200 Arlington Street Chelsea, Massachusetts 02150. The work schedule for this position is Monday through Friday, 9AM to 5PM EST. This position is expected to follow a hybrid model of reporting to work that combines in-office workdays and work from home days as needed.
All offers of employment into this position are conditional and subject to passing: a Massachusetts Criminal Background Check (CORI); a security clearance (fingerprinting) consistent with IRS and/or public safety requirements; and security training.
Responsibilities:
· Act as primary point of contact for one or more secretariats and/or agencies by establishing a regular cadence to review status of security posture while driving continuous improvements in security practices.
· Conduct vulnerability scans and assessments of the environment by analyzing the output from automated scanning tools to identify security weaknesses. The goal is to maintain continuous visibility into the security posture and proactively detect new vulnerabilities as soon as they appear, ensuring the organization stays one step ahead of potential threats.
· Communicate and report vulnerabilities by notifying system owners and other stakeholders through both formal written reports and informal discussions. This ensures that all parties are aware of the risks and the steps being taken to mitigate them, fostering essential collaboration and accountability across the organization.
· Maintain threat intelligence knowledge as well as the threat landscape by collecting and cataloging threat indicators from various sources. Understanding the latest threats and attack methods allowing technology stakeholders to be more proactive in its defenses, anticipating which new vulnerabilities might be targeted and focusing remediation efforts accordingly.
· Track and analyze vulnerability metrics over time by compiling data on their discovery and remediation status for tracking purposes. This quantitative data provides a way to measure the effectiveness of the vulnerability management program, demonstrating progress and helping to identify long-term security trends.
· Assist with prioritization of vulnerabilities on customer assets. This involves rating each vulnerability based on its severity and potential impact to set a clear remediation timeline, ensuring that the most critical risks are addressed first and resources are used efficiently.
· Other duties and responsibilities, as directed by management to address the changing threat landscape.
Preferred Knowledge, Skills, and Abilities:
· Minimum of two (2) years of professional experience in information security or IT security, providing technical guidance across systems, networks, and applications in support of vulnerability management initiatives.
· Passion for cybersecurity with a strong commitment to continuous learning and professional development.
· Strong understanding of networking concepts, Windows and Linux operating systems, and common security protocols.
· Experience supporting vulnerability management programs, including vulnerability assessment tools, cloud security solutions, and related technologies.
· Experience coordinating with third-party penetration testing vendors, including engagement scoping, testing coordination, results review, remediation tracking, and reporting.
· Working knowledge of cloud computing platforms and security principles across Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) environment, including AWS and/or Microsoft Azure.
· Strong knowledge of networking and infrastructure technologies, including TCP/IP, DNS, DHCP, subnetting, routing, VLANs, VPNs, packet analysis, Active Directory, Microsoft 365, and SSL/TLS certificates.
· Understanding of industry-standard vulnerability scoring methodologies, including the Common Vulnerability Scoring System (CVSS).
· Experience with enterprise vulnerability management and application security tools, such as the Tenable One platform (Vulnerability Management, Cloud Security, Attack Surface Management, and Exposure Management) and Veracode.
· Strong analytical, organizational, and problem-solving skills with exceptional attention to detail.
· Excellent written and verbal communication skills, including the ability to communicate technical findings, priorities, and remediation recommendations to technical and non-technical stakeholders.
· Ability to manage multiple priorities, work independently and collaboratively, and adapt quickly in a fast-paced environment.
· Experience with Veracode SAST, DAST, and Software Composition Analysis (SCA).
· Experience with scripting languages such as Python, PowerShell, JavaScript, PHP, or Ruby.
· Experience implementing or supporting Security Orchestration, Automation, and Response (SOAR) platforms.
· Hands-on experience with the Tenable One ecosystem, including Vulnerability Management, Cloud Security, Attack Surface Management, and Exposure Management.
· Relevant industry certifications such as GIAC Enterprise Vulnerability Assessor (GEVA), CompTIA PenTest+, or vendor certifications from Tenable, Qualys, or similar vulnerability management platforms.
Qualifications
First consideration will be given to those applicants that apply within the first 14 days.
Minimum Entrance Requirements:
Applicants must have (A) at least two (2) years of full-time or equivalent part-time professional or practical experience in the field of information technology security, or (B) any equivalent combination of the required experience and the substitutions below.
Substitutions:
I. An Associate’s degree in a related field may substitute for one (1) year of the required experience.
II. A Bachelor’s degree or higher in a related field may substitute for the required experience.
Comprehensive Benefits
When you embark on a career with the Commonwealth, you are offered an outstanding suite of employee benefits that add to the overall value of your compensation package. We take pride in providing a work experience that supports you, your loved ones, and your future.
Want the specifics? Explore our Employee Benefits and Rewards!
An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.
The Commonwealth is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity or expression, sexual orientation, age, disability, national origin, veteran status, or any other basis covered by appropriate law. Research suggests that qualified women, Black, Indigenous, and Persons of Color (BIPOC) may self-select out of opportunities if they don't meet 100% of the job requirements. We encourage individuals who believe they have the skills necessary to thrive to apply for this role.