Title: Web Application Vulnerability Services Specialist

State Role Title: Info Technology Specialist II

Hiring Range: $80,000 - $100,000

Pay Band: 5

Agency: VA Information Tech Agency

Location: VA Information Technologies

Agency Website: https://www.vita.virginia.gov/

Recruitment Type: General Public - G

Job Duties

The Virginia Information Technologies Agency (VITA) is excited to offer a competitive opportunity to serve as a Web Application Vulnerability Services Specialist with the Cybersecurity Risk Management Division.

The Web Application Vulnerability Services Specialist functions as a primary contact to schedule, manage, and conduct web application scans as required by the Commonwealth Web Application Vulnerability Service. This service provides vulnerability scanning, identification, intelligence, research, and reporting for web applications in use by state agencies.

This position manages the web application vulnerability scanning platform at the direction of the Web Application Vulnerability Service Lead.

This position will work with customers to investigate, remediate, and validate web application vulnerabilities.

This position works in a fast-paced environment, requires the ability to meet deadlines, interpret and apply federal and state laws/regulations/standards/policies, communicate with both internal and external stakeholders at all levels of management, and provide solutions to stakeholders to increase the security of their systems.

Join VITA at The Boulders in Richmond, VA, where innovation meets impact! As the Commonwealth’s leading IT agency, we’re connecting, protecting, innovating, and powering Virginia’s digital future through collaboration, creativity, and purpose. Our team thrives in a vibrant, customer-focused environment that values growth, accountability, and forward thinking — all while making technology work for every corner of Virginia.

Minimum Qualifications

Considerable experience and knowledge in the identification, evaluation, and presentation of web application or system vulnerabilities.

Considerable experience and knowledge in one or more of the following: Enterprise Helpdesk, System administration (Windows and Linux), TCP/IP networking, network administration, web server administration, web app development, Security Operations Center (SOC), vulnerability management.

Considerable experience and knowledge with common web application security scanning and analysis tools such as: Acunetix, Burp Suite, Fiddler, NMAP, SQL Map, OWASP ZAP, GreenBone or Nessus.

Considerable experience with Microsoft Office productivity products (Excel, Word, PowerPoint, Outlook, Teams).

Experience in meeting deadlines.

Experience working with internal and external stakeholders.

Experience with interpretation and application of federal, state laws/regulations/standards/policies.

Additional Considerations

Experience and knowledge using scripting lanaguage such as python and/or bash.

Experience with containerization platforms (Docker/Portainer/K8/OpenShift/Podman/ect).

Experience with version control software (git*/github/gitlab/ect).

Experience with EMC’s Archer GRC helpful.

Experience with or working knowledge of WAF technologies.

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.

This position is eligible for one (1) day telework.

Applicants must consent to a fingerprint background check.

This position requires the ability to obtain and maintain a security clearance. Candidates must meet all eligibility requirements for access to classified information.

The Commonwealth of Virginia welcomes all applicants authorized to work in the United States. Sponsorship is not provided; therefore, applicants must be a citizen or national of the U.S., a Lawful Permanent Resident, or an alien authorized to work.

State applications and/or resumes will only be accepted as submitted online by 11:55 p.m. on the closing date through the state applicant tracking system. We will not accept applications, resumes, cover letters, etc. in any other format. Please refer to “Your Application” in your PageUp account to check the status of your application for this position. The decision to interview an applicant is based on the information provided in the application and/or resume.

Reasonable accommodations are available to persons with disabilities during the application and/or interview processes per the Americans with Disabilities Act.

VITA is a “Virginia Values Veterans” (V3) official certified state agency that provides hiring preference to Veterans and Members of the Virginia National Guard in support of Executive Order 29, (2010). If you are a Veteran or Virginia National Guard Member, we encourage you to apply and receive preference in the hiring process. AmeriCorps, Peace Corps and other national service alumni also are encouraged to apply.

Contact Information

Name: VITA Human Resources

Phone: Recruitment@vita.virginia.gov

Email: Recruitment@vita.virginia.gov

In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at 800-552-5019.

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022- February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.