Okta for Developers · 1 day ago
Staff Vulnerability Management Analyst - Federal
Syracuse-Auburn Area
Full-time
Onsite
Senior Level, Lead/Staff
$180K/yr - $270K/yr
5+ years expOkta is The World’s Identity Company, focused on providing secure access and authentication solutions. They are seeking a Staff Vulnerability Management Analyst to strengthen their security posture by managing the Vulnerability Management Program and collaborating with engineering teams to mitigate risks.
Computer Software
No H1B
U.S. Citizen Only
Responsibilities
Own the full lifecycle operations of Asset and Vulnerability Management scanning and reporting infrastructure, including designing new cloud based and on-prem deployments as required
Assess new and existing scan technologies to determine potential business value
Monitor and respond to security inquiries, requests, and incidents, understanding the technical details of the published vulnerabilities as well as their real risk. Effectively communicate the perceived and real vulnerability impact given the infrastructure context
Contribute to the definition and execution of internal processes that allow for accelerated remediation of critical vulnerabilities and zero-days
Support audit, governance, risk and compliance teams in scanning and reporting on various regulatory compliance and industry best practices including PCI, ISO 27001/27017/27018 , NIST SP 800-53 and SOC 2
Assist Okta’s Public Sector compliance team in their preparation and maintenance of POAMs (Plan of Action & Milestones) and Continuous Monitoring (ConMon) processes
Track and manage weaknesses or gaps in vulnerability related security controls, outlining tasks, required resources, milestones, and scheduled completion dates to achieve compliance with standards like NIST 800-171 and CMMC
Participate in other special projects or strategic initiatives at the direction of the Security team
Qualification
Required
5+ years of multifaceted cyber security experience in a technology-centric company
5+ years of experience in building vulnerability scanning solutions within a highly regulated environment such as FedRamp High, IL4, IL5 and/ or IL6
Current or previous Secret, Top Secret (TS) or Top Secret/Sensitive Compartmented Information (TS/SCI) clearance is a plus
Experience with commercial or open-source vulnerability and misconfiguration scanners and reporting tools regarding Infrastructure/ IP based Assets, Containers, CSPM and CNAPP. Examples: Qualys, Tenable, Prisma Cloud, Wiz, Orca, Lacework, Paramify, Atlassian Jira, ServiceNow etc
Functional knowledge of vulnerabilities, exploitation and remediation. You should be able to explain vulnerabilities and exploits as well as propose remediations for the most common vulnerabilities
Familiarity with industry standards, frameworks and publications such as CVE, CVSS, EPSS, OWASP and CISA KEV catalog
Proficiency in scripting and automation with Python. Familiarity with other scripting and automation tools is a plus
Experience working with AWS Lambda or similar serverless computing environments for automating vulnerability management scanning and reporting tasks
Proficiency in working with AWS services such as S3, DynamoDB, API Gateway, and others
Bachelor's degree in Computer Science, Computer Engineering, or equivalent experience
This position requires the ability to access federal environments and/or have access to protected federal data. As a condition of employment for this position, the successful candidate must be able to submit documentation establishing U.S. Person status (e.g. a U.S. Citizen, National, Lawful Permanent Resident, Refugee, or Asylee. 22 CFR 120.15) upon hire
Benefits
Health, dental and vision insurance
401(k)
Flexible spending account
Paid leave (including PTO and parental leave)
Company
Okta for Developers
Resources for developers using Okta’s Identity services: Okta's Customer Identity Cloud (aka Auth0 by Okta or CIC) and Workforce Identity Cloud (WIC).
1001-5000 employees
Funding
Current Stage
Late StageCompany data provided by crunchbase