BRMi Technology is seeking a Desktop Risk & Vulnerability Analyst to support a large client in either Northern Virginia. The Desktop Governance & Compliance group ensures our clients wide ranging end-user computing environment maintains operational efficiency and stability in a secure technical environment by:
• Governing standards and processes to achieve IT and business objectives
• Identifying and mitigating risks and vulnerabilities to increase clients security posture
• Monitoring systems and controls to meet audit and regulatory requirements
Hours: Monday – Friday, 8:00 am to 4:30 pm EST, Telework Options Available
Click here to learn about BRMi's culture.
Click here to see BRMi’s Glassdoor reviews
• Build and maintain relationships with team members, management, key stakeholders and/or external contacts (vendors, etc.).
• Assess operational procedures (or lack thereof), identify hazards, and recommend and implement controls and monitor those controls.
• Review, track and manage various audit, risk & vulnerability assessments for the department.
• Collaborate with Information Security and respond to security and vulnerability assessments for desktop applications and operating systems.
• Support ISD efforts to continuously evaluate workstation security, data vulnerability, business continuity and compliance risks.
• Perform comprehensive analysis of vulnerability scan results, assign ownership, and perform remediation efforts.
• Review, file and manage security exceptions to ensure compliance with Information Security standards.
• Coordinate with stakeholders, management, and other groups to plan, and ensure, corrective actions are implemented to address identified vulnerabilities within SLAs.
• Provide support to address issues and escalations related to vulnerability findings, breaches, and/or remediation plans.
• Determine root cause for vulnerabilities by type and how to improve the front end processes to reduce the impact of future scans.
• Diagnose issues through technical analysis of hardware/software; take appropriate action.
• Document operating procedures for installations, configurations and /or administrative tasks.
• Develop metrics and reporting; performs data analytics and trend analysis to measure performance and identify improvement opportunities.
• Perform qualitative and quantitative analysis using analytical techniques, tools, models, simulation.
• Prepare reports and presentations for senior management.
• Train team members and/or peers on functional processes and procedures.
• Evaluate, select and adapt standard techniques, procedures and criteria.
• Full life–cycle project management:
o Establish and lead project teams
o Develop project plan/scope/schedule/cost/communications
o Procure and/or manage resources/timelines/deadlines/quality
o Risk, Issue and Change management
o Ensure successful project implementation
o Scope of responsibility
• Bachelor's degree in Business Administration, Information Technology, Risk Management, Cybersecurity or related field, or the equivalent combination of education, training and experience.
• 2+ years of IT work experience in a risk and vulnerability management capacity.
• Experienced with ServiceNow Vulnerability Response, ServiceNow GRC, Rapid 7, Sharepoint, Microsoft Word, Microsoft Excel and Power BI Data Analytics, Windows 10, MECM (Microsoft Endpoint Configuration Manager), Jamf, Defender for Endpoint.
• Experience with NIST and ISO Risk Management Framework, hardening guidelines and security controls on desktop platforms and devices.
• Experience reviewing and analyzing vulnerabilities, assessing the level of risk, and ability to provide reasonable recommendations for remediation.
• Experience with network security concepts and principles
• Experience with Endpoint operating system security
• Experience in multiple platforms Citrix, Windows, & MAC.
• Experience in project coordination and meeting facilitation.
• Effective communication and documentation skills to write technical and end-user documentation.
• Ability to work independently and in a team environment.
• Experience in leading, guiding and mentoring others.
• Strong communication and presentation skills when presenting findings, conclusions, and other information to a variety of audiences.
• Significant experience in diagnosing and troubleshooting IT system issues and presenting technical solutions and/or recommendations.
• Advanced knowledge of technical inter–relationships between software/hardware and desktop/LAN/Host systems.
• Advanced organizational, planning and time management skills with the ability to prioritize and execute.
• Advanced research, analytical, and problem solving skills. Ability to apply professional-level functional knowledge to identify and solve moderately complex problems.
• CISSP, CCNP Security certification.
** BRMi will not sponsor applicants for work visas for this position.**
**This is a W2 opportunity only**
We are an equal opportunity employer that values diversity and commitment at all levels. All individuals, regardless of personal characteristics, are encouraged to apply. Employment policies and decisions on employment and promotion are based on merit, qualifications, performance, and business needs. The decisions and criteria governing the employment relationship with all employees are made in a nondiscriminatory manner, without regard to race, religion, color, national origin, sex, age, marital status, physical or mental disability, medical condition, veteran status, or any other factor determined to be unlawful by federal, state, or local statutes.