Vulnerability Manager - Information Security Specialist 2 opening / 18 month contract with the option to hire 10+ years of experience CISSP required CISM preferred Overview of Vulnerability Management: Checking for vulnerabilities: This process should include regular network scanning, firewalllogging, penetration testing or use of an automated tool like a vulnerability scanner. Identifying vulnerabilities: This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malwareattack or other malicious event has taken advantage of a security vulnerability, or could possibly do so. Verifying vulnerabilities: This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization. Mitigating vulnerabilities: This is the process of figuring out how to prevent vulnerabilities from being exploited before a patchis available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other work-arounds. Patching vulnerabilities: This is the process of getting patches -- usually from the vendors of the affected software or hardware-- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing