Threat Management Analyst

About the position The Virginia Information Technologies Agency (VITA) is excited to offer a competitive opportunity to serve as a Threat Management Analyst with the Commonwealth Security and Risk Management Division. The Threat Management Analyst will participate in all areas of the Threat Intel and Vulnerability Management Team. These include web application scanning, vulnerability management and threat intelligence. The analyst will function as a liaison between both internal and external customers. They will be translating highly technical information into terms that anyone can understand. They will use this skill to develop advisories on newly identified critical and/or zero-day vulnerabilities and emerging threats identified that impact COV systems and data. The analyst shall recommend best practices, security enhancements and notify management of on-going vulnerabilities and emerging threats. The analyst will also participate in the configuration and maintenance of the tools used by the Theat Intel and Vulnerability Management Team. Join VITA at The Boulders in Richmond, VA, where innovation meets impact! As the Commonwealth’s leading IT agency, we’re connecting, protecting, innovating, and powering Virginia’s digital future through collaboration, creativity, and purpose. Our team thrives in a vibrant, customer-focused environment that values growth, accountability, and forward thinking — all while making technology work for every corner of Virginia.

Responsibilities

• Participate in all areas of the Threat Intel and Vulnerability Management Team, including web application scanning, vulnerability management, and threat intelligence.
• Function as a liaison between internal and external customers, translating technical information into understandable terms.
• Develop advisories on newly identified critical/zero-day vulnerabilities and emerging threats impacting COV systems and data.
• Recommend best practices and security enhancements.
• Notify management of ongoing vulnerabilities and emerging threats.
• Participate in the configuration and maintenance of tools used by the Threat Intel and Vulnerability Management Team.

Requirements

• Considerable experience/knowledge in the identification, evaluation and presentation of web application or system vulnerabilities.
• Considerable experience/knowledge in one or more of the following: Enterprise Helpdesk, System administration (Windows and Linux), TCP/IP networking, network administration, web server administration, web app development, Security Operations Center (SOC), vulnerability management.
• Considerable experience/knowledge with common web application security scanning and analysis tools such as: Acunetix, Burp Suite, Fiddler, NMAP, SQL Map, OWASP ZAP, GreenBone or Nessus.
• Considerable experience with Microsoft Office productivity products (Excel, Word, PowerPoint, Outlook, Teams).
• Experience in meeting deadlines.
• Experience working with internal/external stakeholders.
• Experience with interpretation and application of federal, state laws/regulations/standards/policies.

Nice-to-haves

• Experience/knowledge using scripting language such as python, bash.
• Experience with containerization platforms (Docker/Portainer/K8/OpenShift/Podman/etc.).
• Experience with version control software (git/github/gitlab/etc.).
• Experience with EMC’s Archer GRC helpful.
• Experience with or working knowledge of WAF technologies.

Benefits

• One (1) day telework eligibility.
• Hiring preference for Veterans and Members of the Virginia National Guard.
• Encouragement for AmeriCorps, Peace Corps and other national service alumni to apply.

Apply tot his job Apply To this Job