IT Vulnerability Systems Engineer

• CURRENT PENN STATE EMPLOYEE (faculty, staff, technical service, or student), please login to Workday to complete the internal application process. Please do not apply here, apply internally through Workday.

• CURRENT PENN STATE STUDENT (not employed previously at the university) and seeking employment with Penn State, please login to Workday to complete the student application process. Please do not apply here, apply internally through Workday.

• If you are NOT a current employee or student, please click "Apply" and complete the application process for external applicants.

JOB DESCRIPTION AND POSITION REQUIREMENTS:

Responsibilities include:

• Vulnerability Assessment: Optimize vulnerability management technology ecosystem, mature IT service management processes, and execute data-driven vulnerability management practices to meet CMMC, DISA and DCSA requirements by planning, coordination, and execution of regular scans and assessments of the organization's endpoints and infrastructure resources on various networks and operating systems to identify, prioritize, and remediate security vulnerabilities; identify and prioritize vulnerabilities based on their potential impact within their specific environment

• Reporting and Documentation: Prepare and present data-driven reports to leadership on remediation efforts and overall security posture to leadership, stakeholders, and operational teams

• Compliance: Ensure vulnerability standards comply with DoD requirements

• Collaboration: Collaborate with leadership, operations teams, and stakeholders to develop data-driven risk assessment and work to implement strategies that improve our compliance posture while focusing on automation and efficiency

• Subject Matter Experience: Assured Compliance Assessment Solution (ACAS) subject matter experience with a deep understanding of how to translate vulnerability data into successful operational team execution

• IT Service Management: Manage the overall vulnerability management service across multiple networks and operating systems, with a focus on endpoint remediation strategy

• Tool Management: Align operations and coordinate continuous improvement of Tenable Security Center, Tenable Nessus, and Tenable Nessus Agent across various networks and operating systems

Minimum requirements include a Bachelor's degree; 3+ years of related experience or an equivalent combination of education and experience.

Required skills/experience areas include:

• Tenable Security Center and Nessus

• Windows and Linux operating systems

• IT security related policies and frameworks such as CMMC, NISPOM, DAAPM, FAR/DFARS regulations, and NIST 800 frameworks

• IT security operational standards such as POA&M, SCAP, STIG, CIS, VSS, and VPR

Preferred skills/experience areas include:

• ACAS certified

• Current eligibility for access to classified information at the Top Secret (Tier 5) level or higher and may be subject to a government background investigation to upgrade clearance eligibility, if required

Your working location will be on-site, located in State College, PA, but with project-dependent ability for hybrid work.Questions related to flexible work should be directed to the hiring manager during the interview process.

You will be subject to a government security investigation, and you must be a U.S. citizen to apply. Employment with the ARL will require successful completion of a pre-employment drug screen.

FOR FURTHER INFORMATION on ARL, visit our web site at www.arl.psu.edu.

**The proposed salary range may be impacted by geographic differential.**

The salary range for this position, including all possible grades is:

Salary Structure - additional information on Penn State's job and salary structure.

CAMPUS SECURITY CRIME STATISTICS: