Information Security – Vulnerability Management

The Baltimore City Office of Information & Technology |  Baltimore, MD | Other

BCIT is looking for an information security engineer with a focus on vulnerability management. In this role, you will be responsible for implementation, operation, administration, and maintenance of the risk-based vulnerability management software platform used to scan, monitor, track, report, and remediate vulnerabilities on BCIT’s servers, workstations, and network devices. In addition, you will support the analysis of software/hardware vulnerabilities and the impact those vulnerabilities could have on BCIT systems. You will utilize your expertise to prioritize vulnerabilities in line with BCIT business objectives, formulate and track fix actions for technical teams, and contribute to the mitigation strategies that can be implemented prior to the release of fix actions. This is a challenging role within a growing information security team. It’s an opportunity to perform as a vulnerability management subject matter expert while broadening your skills in an enterprise-wide information security policy and compliance program.

Primary Responsibilities:

·         Implement, operate, administer, and maintain BCIT’s risk-based vulnerability management capabilities.

·         Conduct and manage vulnerability scans of all Enterprise endpoints and servers.

·         Troubleshoot and diagnose any issues that may arise from vulnerability scans.

·         Provide expertise and operational planning support for implementing risk-based vulnerability management metrics and scorecards.

·         Document the vulnerability management processes.

·         Provide notification of potential threats and assess the impact to our environment by tracking vulnerabilities and exploits, internal to BCIT and globally.

·         Research issues related to installation of patches and provide guidance.

·         Track, document, and convey system, network, and application vulnerabilities as well as real-time patch management capability.

·         Monitor the progress of vulnerability remediation activities and provide regular status updates to Agency leadership.

·         Support security engineering assessments on new systems and major upgrades as bandwidth allows.

Basic Qualifications

·         Bachelor’s Degree or equivalent in computer engineering/science.

·         2 plus years of experience reviewing vulnerabilities and developing mitigation strategies.

·         2 plus years of experience administering vulnerability management solutions.

·         Ability to review system changes for potential vulnerabilities and recommend improvements.

·         Understanding of information security Risk Management Framework (RMF) methodologies.

·         Previous experience working with tools such as SolarWinds Network Configuration Manager, Rapid7 InsightVM, Qualys, or equivalent toolsets.

·         Solid understanding of security fundamentals and information security control frameworks.

·         Technical understanding in the following areas: network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication, installation, or malware types), or intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch, or open source information collection).

·         Good team player, self-confident, motivated, and independent, capable of working with little to no instructions.

·         Ability to multi-task and work under pressure in a fast-paced environment.

·         Attention to detail and good problem-solving skills.


·         Advanced communication and presentation skills (verbal and written) enabling precise conveyance of information.


Health & Wellness Benefits
  • Dental
  • Disability Insurance
  • Health Insurance
  • Vision
Retirement & Stock Options Benefits
  • 401K
Vacation & Time Off Benefits
  • Generous PTO
  • Paid Holidays
  • Paid Sick Days

What is the internal culture like at BCIT?

BCIT’s mission serving the City of Baltimore fuels a sense of purpose across the organization. From Agile DevOps to the service desk to data and business intelligence, employees describe colleagues eager to help one another, ample on-the-job learning opportunities, and a robust social culture.

Pre-COVID, employees gathered for holidays and dessert days. Even working remotely, teams have continued holding “lunch-and-learn” learning sessions at lunch, and shorter, more informal chat sessions known as “chew and chats.”

BCIT emphasizes hard work and flexibility: Team members are expected to step up for a wide range of tasks. At the same time, BCIT offers robust support for professional development and further education.

“I had a full-time scholarship at the University of Maryland. They were very flexible in allowing me to continue to work and do my endeavor,” IT specialist Markesia Davis said. “‘This is what you want to do, let’s figure out a way to move you forward.’ So there’s always growth — it’s limitless.”


What background should we know about BCIT?

The City of Baltimore is making more investment in infrastructure needs and staffing to assist BCIT in building sustainability and resilience and implementing best practices. As a result, we are seeing unprecedented growth and we have more opportunities than ever.


Why is working at BCIT a great opportunity?

You get to be a part of something that directly impacts the citizens of Baltimore, improving everyday life. The office is evolving and implementing best practices and creative solutions. There is so much opportunity for individuals that are ready to innovate, build efficiencies and work collaboratively with our team, stakeholders and the citizens of Baltimore.


Tell us a little bit more about the perks of working at BCIT.

There’s of course the shared mission, and the learning opportunities and social culture. Employees also especially enjoy the supportive environment at BCIT. They describe colleagues and supervisors ready to help one another, a strong team atmosphere, and a culture where knowledge is rewarded.

“They help me out; they’re very nice about it. There’s a good team attitude at our place,” cybersecurity analyst Nelson L. said. “This is one of the first jobs where the people, the managers above me, actually know their stuff.”

Employees describe an inclusive workplace, too: “I love that I’m looked at not just for my skin color or my gender, but for my skill,” Davis said.


What makes working at BCIT unique?

BCIT supports city agencies and infrastructure serving more than 600,000 citizens. That’s different than at a bank or consulting firm.

“You’re helping out the City of Baltimore. You’re helping keep it safe,” Nelson said. “Doing work for the public good is something that I enjoy doing.”

He was especially impressed by the range of tools at the cybersecurity team’s disposal. “There’s all this good software and programs that, in my line of work, not every institution has them, especially private institutions,” Nelson said. “That’s one of the things that will make my career and resume more valuable. It exposes me to a lot more.”


What is a common misperception of BCIT?

That the agency is stagnant or that it’s business-as-usual. BCIT has done tremendous work to transform the service that we provide and we are on track to become a resource that provides the best solutions for our customers. Its stakeholders are beginning to share that they’ve noticed.


What does BCIT look for in an employee?

Employees are expected to take on a variety of tasks and challenges.

Davis, in IT, states: “Hardworking is something that you definitely need to be, and flexible,” she said. “A year ago, we had a ransomware attack, and flexibility was key: Everyone that was doing a task took on a whole different task that you may have never done before. But as long as you have the flexibility and the open-mindedness to do it, you could do it.”

The cybersecurity team in particular looks for candidates with a background in digital forensics and penetration testing. “Be familiar and keep up with how attacks are occurring, specifically with regard to municipalities,” Nelson said.
