State of Ohio · 1 day ago
Lead Vulnerability Analyst
United States of America-OHIO-Franklin County
Full-time
Onsite
Mid, Senior Level
2+ years expThe Ohio Department of Administrative Services (DAS) is dedicated to supporting the state government's priorities and ensuring secure data and technology resources. The Lead Vulnerability Analyst will evaluate IT policies and practices, lead cybersecurity projects, and develop solutions to enhance the agency's cybersecurity posture.
Automotive
Responsibilities
Leads IT driven change effort
Participates in &/or leads activities to achieve project tasks/meet deadline
Monitors & evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection
Participate in the development or modification of the computer environment cybersecurity program plans & requirements
Serves as project lead (engineer) for security projects
Assist in developing programs, projects, goals & priorities with manager &/or supervisor
Leads/participates in troubleshooting efforts for agency/enterprise incidents
Works with IT Architect staff, CIO or IT Managers to design solutions that meet the agency’s requirements
Assists analysis of the solution design’s business case
Authors’ portions of the solution business case
Leads/participates in agency/enterprise incidents response efforts
Plans & conducts formal mentorship & training activities for peers &/or lower-level staff via verbal instruction or technical documentation
Performs other duties as assigned
Qualification
Required
Completion of undergraduate core coursework in computer science; 24 mos. trg. or 24 mos. exp. in computer data security either through monitoring system/network traffic for anomalous activity, systems development or controlling accessibility of data
Or 12 mos. exp. as Enterprise Information Security Professional 1, 69981
Or equivalent of Minimum Class Qualifications For Employment noted above
Job Skills: Cybersecurity, Information Technology, Problem Solving, Critical thinking
Knowledge: Vulnerability Management
Knowledge: Content development
Knowledge: Different classes of attacks (e.g., passive, active, insider, close-in, distribution, etc.)
Knowledge: Different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation state sponsored], & third generation [nation state sponsored])
Knowledge: General attack stages (e.g., foot printing & scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
Knowledge: How traffic flows across the network [e.g., Transmission Control Protocol (TCP) & Internet Protocol (IP), Open System Interconnection Model (OSI), Information Technology Infrastructure Library, v3 (ITIL)]
Knowledge: IA principles & organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
Knowledge: Interpreted & compiled computer languages
Knowledge: Agency specific local specialized system requirements (e.g., critical infrastructure systems that may not be used standard IT) for safety, performance, & reliability
Knowledge: Network access, identity & access management (e.g., public key infrastructure, PKI)
Knowledge: Network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), & directory services
Knowledge: Network security architecture concepts including topology, protocols, components, & principles (e.g., application of Defense-in-Depth)
Knowledge: Agency penetration testing principles, tools, & techniques (e.g., core impact, metasploit, neosploit, etc.)
Knowledge: Programming language structures & logic
Knowledge: Agency relevant laws, policies, procedures, or governance as they relate to work that may impact critical infrastructure
Knowledge: System & application security threats & vulnerabilities (e.g., buffer overflow, mobile code, cross-site)
Knowledge: Understand regulatory compliance & audit standards
Skills: Applying host/network access controls (e.g., access control list)
Skills: Assessing the robustness of security systems & designs
Skills: Conducting vulnerability scans & recognizing vulnerabilities in security systems
Skills: Evaluating the trustworthiness of the supplier &/or product
Skills: Mimicking threat behaviors
Skills: Performing damage assessments
Skills: Performing packet-level analysis (e.g., Wireshark, tcpdump, etc.)
Skills: Use of penetration testing tools & techniques
Skills: Use of social engineering techniques
Skills: Network analysis tools to identify vulnerabilities. (e.g. Qualys, Nessus, etc.)
Skills: Using application analysis tools to identify vulnerabilities. (e.g. Checkmarx, Qualys, etc.)
Abilities: Interpret & incorporate data from multiple tool sources
Abilities: Identify & Gather facts & formulate reasonable explanation & valid conclusions
Abilities: Work in a team environment
Abilities: Successfully pass the State of Ohio Computer [SOCC] background check
Benefits
Medical Coverage
Free Dental, Vision and Basic Life Insurance premiums after completion of eligibility period
Paid time off, including vacation, personal, sick leave and 11 paid holidays per year
Childbirth, Adoption, and Foster Care leave
Education and Development Opportunities (Employee Development Funds, Public Service Loan Forgiveness, and more)
Public Retirement Systems (such as OPERS, STRS, SERS, and HPRS) & Optional Deferred Compensation (Ohio Deferred Compensation)
Company
State of Ohio
Employment with the State of Ohio is more than ‘just a job’ – it is a privilege to serve our families, friends and neighbors who rely on us throughout our great state.
10001+ employees
Funding
Current Stage
Late StageLeadership Team
Beverlyn Johns, MS
Deputy Chief Operating Officer
Holly Drake
State Chief Information Security Officer
Recent News
2025-08-26
2025-08-06
Company data provided by crunchbase