Commonwealth of Pennsylvania

POSITION DESCRIPTION FOR JOB POSTING

Position Number: 00047176
Description Activated On: 2/27/2026 3:33:54 PM
Position Purpose: This position serves as a Vulnerability Management Analyst. It is responsible for administrative and consultative tasks related to vulnerability scanning and vulnerability management, and it works to ensure that all assets within the Commonwealth undergo periodic review and that the risk to the Commonwealth is minimized.

Description of Duties:
- Serves as the primary conductor of vulnerability scanning and vulnerability management for the PSDC, including the implementation, deployment and use of host and application scanning technologies; assists with the same work for other delivery centers and for the enterprise as needed.
- Ensures every asset with an IP address receives a scan or assessment based on Commonwealth and agency specifications.
- Troubleshoots problems that arise from scans or from scans that are not working as intended.
- Reviews network configurations to ensure all assets receive an appropriate scan.
- Manages network-based and cloud-based scanners and agents.
- Actively searches for assets that are not being scanned and ensures that future scans cover the assets or networks in question.
- Reviews data returned from scans and from other sources to reduce vulnerabilities and risk to the Commonwealth.
- When requested, provides executive and technical reports to system and application owners from multiple scanning and reporting technologies.
- Assists other analysts involved with application-level scanning using SAST (static application security testing), SCA (software composition analysis) and DAST (dynamic application security testing) technologies.
- Helps manage information security tools and software suites.
- Assists the vulnerability management team with the implementation and enforcement of information security standards, policies, procedures and guidelines, and with the design and implementation of information security strategies for the Commonwealth.
- Attends meetings as a subject matter expert in vulnerability scanning and vulnerability management.
- Works collaboratively with staff, agencies and peers to further enterprise initiatives and objectives.
- Keeps up to date with vulnerabilities and exploits being used by attackers.
- Complies with established service management protocols and guidelines.
- Generates knowledge documents for inclusion in an established knowledge management system.
- Travel is required, including overnight stays.
- Performs other duties as assigned.
Decision Making: Makes decisions related to developing, implementing, administering and maintaining system security standards, policies, procedures and access to Commonwealth or agency systems to ensure the confidentiality, integrity and availability of systems, networks, servers and data; developing or modifying enterprise security plans, enterprise security assessments, and auditing policies and procedures; implementing Commonwealth security policies; managing project implementations; advising security team members, agency personnel and agency security managers on security-related matters; identifying security threats, addressing incidents through established IRP processes and procedures, and developing countermeasures using appropriate technologies; and developing business intelligence security reports to keep senior-level managers informed of system-wide security issues and programs. Work involves providing consultative expertise to the Commonwealth CISO on the most complex information security matters. Employees in this job interact with the Commonwealth's CISO, security team members, business leaders and other entities.

Requirements Profile:
Experience:
Licenses, registrations, or certifications:
1. N/A
2. N/A
3. N/A

Essential Functions: