Vulnerability Management Technician III
BankOnIT · Oklahoma City, OK · Yesterday
Information TechnologyFull-time
Position Summary
The Vulnerability Management Technician (T3) is responsible for working all aspects of the team's Internal Vulnerability Assessment (IVA) and External Vulnerability Assessment (EVA) service, and for beginning direct involvement in 3rd-party assessment engagements, including penetration tests.
Essential Duties And Responsibilities
- Perform internal and external vulnerability scans across applicable systems, networks, and applications.
- Analyze scan results to identify, validate, and prioritize vulnerabilities based on severity and business impact.
- Perform technical and nontechnical risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, applications).
- Track remediation status of identified findings through resolution, escalating overdue or high-severity items to the Vulnerability Management Team Supervisor.
- Prepare clear, accurate reports summarizing findings, technical detail, and recommended remediation steps.
- Measure the effectiveness of defense-in-depth architecture against known vulnerabilities.
3rd-Party Assessment Support
- Support the intake, scoping, and coordination of 3rd-party IVA, EVA, and penetration test engagements.
- Aid in preparing environments and documentation for 3rd-party assessors and coordinate access as needed.
- Review 3rd-party assessment findings, validate results, and support remediation planning and tracking alongside internally identified findings.
- Maintain current knowledge of applicable cyber defense policies, regulations, and compliance documents relevant to vulnerability and assessment work.
Required Knowledge, Skills, And Abilities
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of cybersecurity and privacy principles, and of cyber threats and vulnerabilities.
- Knowledge of application vulnerabilities and Application Security Risks (e.g., OWASP Top 10).
- Knowledge of network security architecture concepts, including topology, protocols, components, and defense-in-depth principles.
- Knowledge of network protocols such as TCP/IP, DHCP, DNS, and directory services.
- Knowledge of system administration concepts across common operating systems (e.g., Unix/Linux, Windows).
- Knowledge of penetration testing principles, tools, and techniques.
- Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
- Skill in using network analysis tools to identify vulnerabilities (e.g., fuzzing, Nmap).
- Skill in conducting application vulnerability assessments.
- Ability to work independently within established procedures and escalate appropriately.
- Ability to communicate technical findings clearly in written reports and to team leadership.
Physical Demands
- Regularly required to talk or hear.
- Frequently required to sit for long periods of time; stand; walk; use hands to type, handle or feel; and reach with hands and arms.
- Occasionally required to stoop, kneel, crouch, or crawl.
- Occasionally lift and move up to 25 pounds.
Minimum Qualifications
- 3+ years of experience in vulnerability assessment, IT security, or a related technical role.
- Demonstrated experience with vulnerability scanning tools and vulnerability management platforms.
- Working knowledge of internal and external vulnerability assessment processes.
- Bachelor's degree in Computer Science, Information Security, or a related field preferred, or equivalent professional experience.
Preferred Qualifications
- Industry certification such as CompTIA Security+, CySA+, or PenTest+.
- Prior exposure to 3rd-party penetration testing or assessment engagements.
- Familiarity with COTS platform patching processes and how vulnerability findings map to patch remediation workflows.