CyberSecurity - Vulnerability Assessment Analyst II

Agile Defense, Huntsville, AL
Onsite

About The Position

The Vulnerability Assessment Analyst II is responsible for identifying, analyzing, and reporting on cybersecurity vulnerabilities across Department of the Army and DoD enterprise networks. This mission-critical role involves utilizing DoD-approved scanning tools to evaluate network enclaves, hardware, and software, ensuring compliance with strict security configurations and assisting engineering teams with remediation strategies to defend against cyber threats.

Requirements

  • Secret Clearance, Must Have Clearance to Start
  • IAT2 Certification
  • Bachelor’s Degree in Cybersecurity, Computer Science, Information Technology, or a related technical field.
  • Must meet DoD 8140/8570.01–M requirements for Information Assurance Technical (IAT) Level II (e.g., CompTIA Security+ CE, CySA+, or equivalent).
  • 2-3 years of professional experience in cybersecurity, with at least 1 year actively performing vulnerability assessments in a DoD or Army IT environment.
  • Hands-on experience operating ACAS (Tenable.sc/Nessus) and applying DISA STIGs using the SCAP toolset.
  • Demonstrated ability to generate, validate, and assess Plans of Action and Milestones (POA&Ms) for IT systems.
  • Must support all aspects of the Risk Management Framework (RMF), leveraging eMASS and other Customer-utilized systems to ensure Cyber vulnerability controls are successfully maintained and sustained.
  • Ability to provide technical oversight and risk mitigation recommendations, clearly conveying industry best-practice remediations to the Customer verbally and in formal written formats.
  • Deep understanding and working familiarity with Continuous Monitoring (CONMON) practices, policies, and execution is required.

Nice To Haves

  • Certified Ethical Hacker (CEH), CompTIA Advanced Security Practitioner (CASP+), or ACAS-specific training certificates.
  • Familiarity with Army-specific cyber regulations (e.g., AR 25-2).
  • Experience using PowerShell, Python, or Bash to automate vulnerability data parsing or compliance checking.
  • Demonstrated ability to evaluate and recommend automation capabilities for processes in order to formalize and standardize validation and reporting, as well as to design innovative approaches to displaying data analytics for an in-depth understanding of potential issues related to the Customer’s Systems.
  • Experience with Agile project management methodologies, DoD Records Management tenets, and the ability to innovate in a highly fluid, fast-paced environment.

Responsibilities

  • Execute routine and ad-hoc vulnerability, compliance, and discovery scans using DoD-mandated tools such as the Assured Compliance Assessment Solution (ACAS) / Tenable Nessus and SCAP Compliance Checker.
  • Analyze scan results to identify false positives, evaluate risk levels, and generate actionable vulnerability reports, dashboards, and Contract Data Requirements List (CDRL) deliverables for Army leadership.
  • Collaborate directly with Systems Administrators, Network Engineers, and Information System Security Officers (ISSOs) to provide technical guidance on patching, remediation, and mitigation strategies.
  • Track and enforce compliance with Information Assurance Vulnerability Alerts (IAVAs), Security Technical Implementation Guides (STIGs), and Army Cyber Command (ARCYBER) directives.
  • Assist in the configuration, troubleshooting, and maintenance of the vulnerability scanning infrastructure (e.g., Security Center, Nessus scanners) within an Impact Level 5 (IL5) or secure enclave environment.
  • Perform assessments of systems and networks within the NE or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.
  • Measure the effectiveness of the defense-in-depth architecture against known vulnerabilities.
  • Basic understanding and ability to identify vulnerabilities and risk levels. Must be able to assist Level 1 analysts.