Security Vulnerability Team Lead

Company: RICEFW Technologies, Inc.

Location: Harrisburg, PA 17112

Description:

PennDOT seeks a Security Vulnerability Team Lead.

Candidate must pass PATCH + required Pennsylvania State Police background check and cannot have any felony offenses.

***Initial interview is virtual via Teams and follow up is on site (PennDOT IT, 2221 Forster Street, G13, Harrisburg, PA 1NA03).***
***This position is currently remote and locally in the office when required.***
***For first day processing, possible badging and to pick up commonwealth-issued equipment candidate must physically report on site. PennDOT is not responsible for parking costs.***
***Client would prefer candidates that reside within two hours of Harrisburg, PA.***
***This position requires someone with exceptional written and verbal communication skills.***
***This requisition's current PO is funded through 6/NA/NA, so use that date in the RTR. Contract end date is dependent on the final schedule and projected needs. Historically additional funding should then last a year and occur from 7/1/25-6/30/26.***

Overview

A minimum of 5 years of experience is required for the position as well as each of the technical skillsets.

This candidate serves as the Security Vulnerability Team Lead within the Information Security Office of Pennsylvania's Infrastructure and Economic Development IT Delivery Center (IED DC), which includes the Department of Transportation (PennDOT), PA Emergency Management Agency (PEMA) and the Department of Community and Economic Development (DCED).

Job Responsibilities
  • Primary role is as the subject matter expert (SME) for the management and administration of the delivery center's vulnerability management program.
  • Conduct regular vulnerability assessments and tests to identify security weaknesses in systems and applications.
  • Collaborate with compliance teams to ensure adherence to regulatory requirements and industry standards related to security vulnerabilities.
  • Coordinate with IT and development teams to prioritize vulnerabilities and ensure timely remediation actions are taken.
  • Stay informed about the latest security trends, threats, and best practices to continuously improve the vulnerability management process.
  • Prepare and present vulnerability management reports to senior management, highlighting key findings and recommendations.
  • Provide training and awareness programs for staff on security vulnerabilities and best practices for risk mitigation.
  • Facilitate incident response activities related to vulnerabilities and coordinate with external partners as necessary.
  • Demonstrates good judgement and problem-solving skills. Reacts and adapts to changing circumstances rapidly.
  • Leverages Commonwealth incident tracking and ticketing systems to receive tasks from other units, delegate tasks to other units, prioritize daily tasks, document actions taken, and the final resolution for tasks completed.
  • Provides on call and/or emergency support, including after-hours as needed.
  • Adheres to established service management processes and procedures.
  • Performs all other related duties as assigned.

Requirements
  • Extensive experience with Tenable Security Center a must. Certifications are a plus.
  • Familiarity with DAST tools such as Rapid 7 AppSpider.
  • Technically proficient and experienced with Windows and Linux operating systems and system hardening.
  • Knowledge of regulatory compliance standards relevant to cybersecurity
  • Experience with risk assessment methodologies and frameworks (e.g., NIST, FAIR)
  • Professional oral and written communication skills.
  • Strong understanding of network protocols and technologies (e.g., OSI Model, TCP/IP, firewalls, intrusion detection systems)
  • Excellent soft skills such as listening, presenting, and negotiating
  • Must pass required Pennsylvania State Police background check. Cannot have any felony offenses
  • Ability to work remotely/and locally when required.

Required/Desired Skills

| Skill | Required/Desired | Amount of Experience |
|---|---|---|
| Extensive experience with Tenable Security Center a must. Certifications are a plus | Required | 5 Years |
| Familiarity with DAST tools such as Rapid 7 AppSpider | Required | 5 Years |
| Technically proficient and experienced with Windows and Linux operating systems and system hardening | Required | 5 Years |
| Knowledge of regulatory compliance standards relevant to cybersecurity | Required | 5 Years |
| Experience with risk assessment methodologies and frameworks (e.g., NIST, FAIR) | Required | 5 Years |
| Strong understanding of network protocols and technologies (e.g., OSI Model, TCP/IP, firewalls, intrusion detection systems) | Required | 5 Years |
| Excellent soft skills such as listening, presenting, and negotiating | Required | 0 |
| Must pass required Pennsylvania State Police background check and cannot have any felony offenses | Required | 0 |
| Ability to work remotely/and locally when required | Required | 0 |
| Professional oral and written communication skills | Required | 0 |

Questions

| No. | Question |
|---|---|
| Question1 | Resume wise, please do not include filler material (e.g. describing a company's core capabilities/description). Please only include relevant info (e.g. what was done at the job/project). Is this reflected in the resume? |
| Question2 | Client would prefer candidates within two hours of Harrisburg, 17NA. Where does your candidate reside (e.g. city/town, state)? |
| Question3 | If you elect to, please provide your candidate's e-mail address and phone number under Summary of Qualifications (seen in the Details tab). This should never be in the resume. Did you do that? |
| Question4 | This position is 40 hours per week. Is this understood? |
| Question5 | Inaccurate responses to the skills above will result in your company being omitted from future PennDOT requisitions. The skills (and applicable experience) must also be explicitly referenced in the candidate resume. Have you confirmed that the responses to the skills above are accurate and reflect the actual experience the candidate possesses? |
| Question6 | Do you understand, and will abide by, the provision in your subcontract with OST that it is PROHIBITED for government equipment to be taken or used outside of the United States by your contractors? The consequences of this occurring can and will result in repercussions to you, the prime vendor, regardless if the candidate works for a sub-vendor of yours. It will also result in immediate termination of the contractor, and make them ineligible for rehire in the program. |
