Position Overview:
The Office of the Inspector General (OIG) at the U.S. Department of Health and Human Services (HHS) is seeking a highly skilled Cybersecurity Vulnerability Remediation Engineer. The ideal candidate will focus on identifying, assessing, and remediating vulnerabilities across both cloud and on-premises systems and applications. This role is critical in ensuring the security and integrity of HHS OIG's IT infrastructure and safeguarding sensitive health and personal data.
Key Responsibilities:
· Vulnerability Assessment and Management:
o Conduct regular vulnerability assessments on cloud and on-premises systems.
o Utilize industry-standard tools and techniques to identify security vulnerabilities.
o Analyze the severity and potential impact of identified vulnerabilities.
· Remediation Planning and Implementation:
o Develop and implement comprehensive remediation plans to address identified vulnerabilities.
o Collaborate with system and application owners to ensure timely and effective remediation.
o Test and verify the effectiveness of remediation actions.
· Incident Response:
o Assist in the investigation and resolution of security incidents related to vulnerabilities.
o Provide technical expertise during incident response activities to mitigate and contain threats.
· Security Best Practices:
o Develop and promote best practices for vulnerability management and remediation.
o Provide guidance and training to internal teams on vulnerability remediation processes.
o Stay updated on the latest cybersecurity threats, vulnerabilities, and mitigation strategies.
· Documentation and Reporting:
o Maintain detailed records of vulnerability assessments, remediation efforts, and outcomes.
o Generate regular reports on the status of vulnerability management and remediation activities.
o Communicate findings and recommendations to senior management and stakeholders.
Required Qualifications:
· Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.· At least 5 years of experience in cybersecurity, with a focus on vulnerability management and remediation.· Strong knowledge of cloud security (AWS, Azure, Oracle) and on-premises security practices.· Proficiency in using vulnerability assessment tools (e.g., Sonarqube, Crowdstrike, Splunk, etc).· Experience with security information and Authority to Operate (ATO) compliance.· Strong analytical and problem-solving skills.· Excellent communication and collaboration abilities.· Relevant certifications (e.g., CISSP, CEH, CISM) are highly desirable.
Preferred Qualifications:
· Master’s degree in a related field.· Experience working in a government or healthcare environment.· Familiarity with compliance requirements such as HIPAA, FISMA, and FedRAMP.· Knowledge of scripting languages (e.g., Python, PowerShell) for automation of remediation tasks.