Vulnerability Management Analyst - Information Security Specialist 2

Commonwealth Of Pennsylvania, Harrisburg, PA, United States

Salary min: $37.00

Salary max: $56.00


Salary

$77,379.00 - $117,497.00 Annually

Location

Dauphin County, PA

Job Type

Civil Service Permanent Full-Time

Job Number

CSSC-2026-44930-01518

Department

Executive Offices

Division

EX OA Entrprs Info Scy Off

Opening Date

04/17/2026

Closing Date

4/30/2026 11:59 PM Eastern

Job Code

01518

Position Number

00047176

Union

Non Union

Bargaining Unit

A3

Pay Group

ST09

Bureau / Division Code

00812072

Bureau / Division

Enterprise Information Security Office

Worksite Address

400 North Street

City

Harrisburg, Pennsylvania

Zip Code

17120

Contact Name

Matthew Zyroll

Contact Phone

717.836.3503

Contact Email

mzyroll@pa.gov

THE POSITION

NOTE: THIS IS A REPOSTING OF CSSC-2026-44930-01518. IF YOU APPLIED UNDER THE PREVIOUS POSTING WHICH WAS OPEN FROM APRIL 2, 2026 TO APRIL 15, 2026, YOU CANNOT SUBMIT A NEW APPLICATION.

If you are looking to further your IT security career, we are looking for you! Join the Enterprise Information Security Office as a Vulnerability Management Analyst (Information Security Specialist 2) where you will serve as the primary conductor of vulnerability scanning and vulnerability management. Work involves implementation, deployment and use of host and application scanning technologies. Do not miss this opportunity to actively participate in actions that reduce the threat landscape and help reduce risk to the Commonwealth and its public service data.


DESCRIPTION OF WORK

As a Vulnerability Management Analyst, you will be responsible for ensuring every asset with an IP address receives a scan or assessment based on Commonwealth and agency specifications. Work involves troubleshooting problems that may arise from scans or from scans not working appropriately, reviewing network configurations to ensure all assets receive an appropriate scan, and managing network and cloud-based scanners and agents. Our team will rely on you to actively search out assets that are not being scanned and ensure future scans address the assets or networks in question.


You can expect to review data returned from scans and from other sources to reduce vulnerabilities and risk to the Commonwealth. This position provides executive and technical reports to system and application owners. You will have the opportunity to assist other analysts who are involved with application-level scanning, which takes the form of SAST (static analysis security testing), SCA (software composition analysis) and DAST (dynamic application scanning technology) scanning technologies. Your duties will also include attending meetings as a subject matter expert in the field of vulnerability scanning or vulnerability management.


Interested in learning more? Additional details regarding this position can be found in the position description.


Work Schedule and Additional Information:

  • Full-time employment
  • Work hours are 8:00 AM to 5:00 PM, Monday - Friday, with a 60-minute lunch.
  • Telework: You may have the opportunity to work from home (telework) part-time. Position will be required to work in the office two days per week. In order to telework, you must have a securely configured high-speed internet connection and work from an approved location inside Pennsylvania. If you are unable to telework, you will have the option to report to the headquarters office in Harrisburg. The ability to telework is subject to change at any time. Additional details may be provided during the interview.
  • Salary: In some cases, the starting salary may be non-negotiable.
  • You will receive further communication regarding this position via email. Check your email, including spam/junk folders, for these notices.

REQUIRED EXPERIENCE, TRAINING & ELIGIBILITY

QUALIFICATIONS

Minimum Experience and Training Requirements:

  • One year as an Information Security Specialist 1 (Commonwealth job title or equivalent Federal Government job title, as determined by the Office of Administration); or
  • Three years of experience performing technical work in information technology security, and an associate's degree in any information technology field; or
  • One year of experience performing technical work in information technology security, and a bachelor's degree in any information technology field; or
  • An equivalent combination of experience and training.


Additional Requirements:

  • Must possess three or more years of full-time professional experience with vulnerability scanning or management of vulnerability scan data.
  • Must possess at least one of these Armis certifications: Foundations, ASQ Basics, ASQ Advanced, Devices and Policies Risk, Tenable One Exposure Management Platform or Tenable Vulnerability Management.
  • You must meet the PA residency requirement. For more information on ways to meet PA residency requirements, follow the link and click on Residency.
  • You must be able to perform essential job functions.


Legal Requirement:

  • You must pass a background investigation and meet Criminal Justice Information Services (CJIS) compliance requirements.
  • A conditional offer of employment may