Senior Vulnerability Management Analyst

For more details, please connect with Ibad Ullah Khan at 971-431-1753 or email at ibadk@vgroupinc.com

End Client: New York City Department of Social Services

Job Title: Senior Vulnerability Management Analyst

Duration: 36 - 60 Months

Start Date: ASAP

Location: 505 Clermont Ave, 3rd Floor, Brooklyn NY 11238

Position Type: Contract

Interview Type: Webcam

Ceipal ID: NYC_CYBE482_IK

Requirement ID: BID-DSS-ITS-C-20260325-1-30

PROJECT NAME: The Data Center Colocation and Migration

Project Overview : NYC DSS is undertaking a large-scale Data Center Co-location and Migration Project to modernize its IT infrastructure. Approximately 90% of current data center infrastructure is reaching End-of-Life (EOL) / End-of-Support (EOS)Migration from 15 MetroTech Center to 11 MetroTech (Brooklyn, NY) Consolidation of multiple data centers into a single co-location facility

Objective:

• To ensure continuous monitoring, auditing, and remediation of security risks affecting DSS infrastructure components being migrated, decommissioned, or integrated within the hybrid environment, maintaining agency security posture during the transition.

Scope:

• Scan and Assess agency assets in all locations and environments that are part of he DC migration project.
• Execute vulnerability scans for migrating systems, validate risk scores, and recommend remediation for in-scope hardware/software.
• Develop and maintain dashboards in Rapid7 tailored for tracking migration-phase vulnerabilities.
• Script and automate vulnerability reporting across all locations and environments.

Tasks Breakdown:

• Perform vulnerability & exposure management scanning on devices.
• Conduct a comprehensive risk assessment of the current environment to identify and document potential vulnerabilities associated with this migration.
• Categorize and prioritize data based on its sensitivity to tailor security controls, accordingly, employing methods like encryption for sensitive data both at rest and in transit.
• Create a detailed inventory of all IT assets slated for migration, including applications, databases, servers, and network devices.
• Map dependencies between applications and infrastructure components to maintain functionality and minimize security risks during and after the migration.
• Conduct thorough security audits and vulnerability assessments after the migration to identify and address any newly emerged vulnerabilities in the new environment.
• Interpret CVE data to prioritize threats in live & staged environments.
• Document for auditability and incident prevention related to the data migration effort.
• Script PowerShell tools to automate asset reclassification and reporting.

Required Skills

• 5 years of hands-on experience with Rapid7 InsightVM, and ability to prioritize vulnerabilities based on exploitability, business impact, and criticality
• 5 years of experience setting up remediation projects, running advanced queries, exporting data in Rapid7, and performing analysis in Excel using pivot-tables
• 5 years of hands-on experience with IT Service Management software including ServiceNow (creating tickets, searching, updating, attaching files, researching SLA, creating child-parent ticket pairs)
• 5 years of strong foundational understanding of general IT concepts, with hands-on familiarity across Windows, Unix, and Linux server environments, core networking principles, virtualization technologies such as VMware, and exposure to enterprise platforms including Oracle and IBM systems