Information Assurance Security Specialist (Vulnerability Assessment Analyst)

Computer World Services, San Antonio, TX
Onsite

About The Position

Executes vulnerability management activities for DDSB systems by scanning, analyzing findings, and driving remediation with operations and engineering teams. This role reduces cyber risk by turning scan data into prioritized, trackable corrective actions.

Requirements

  • Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Data Science, Engineering, Mathematics, or a closely related discipline or equivalent practical experience (as permitted by the contract).
  • Minimum 4 years of relevant experience supporting enterprise IT environments, with demonstrated work aligned to Information Assurance.
  • At least one: CGRC/CAP, CASP+, Cloud+, PenTest+, Security+, or GSEC.
  • Must be able to obtain and maintain Public Trust suitability and all required system access (e.g., CAC-enabled accounts) to perform duties.
  • This position is aligned to applicable DoD Manual 8140.03 work role 803 (NIST: OV-PM-003); contractor personnel must meet DoD 8570.01-M baseline certification requirements and transition to DoD Manual 8140.03 work role requirements, including required training, knowledge, skills, abilities, and tasks, within Government-directed timelines.

Nice To Haves

  • Alternate/equivalent certifications may be accepted with Government approval.
  • Preferred/Work-center dependent: Microsoft Certified: Azure Administrator Associate or Microsoft Certified: Windows Server Hybrid Administrator Associate.

Responsibilities

  • Support the mission of the Information Systems Security Officer by ensuring network resources comply with DoD IA security policies, vulnerability alerts, IAVAs, and other technical advisories identified by USCYBERCOM (United States Cyber Command)/DHA.
  • Perform IA scans of network enterprise devices using SCC (SCAP Compliance Checker), manual checks, DISA STIG Viewer, ACAS (Assured Compliance Assessment Solution) Nessus Scanner, ACAS Security Center, and MECM.
  • Perform routine and random testing of servers and devices to ensure security compliance.
  • Validate deployed security patches and solutions to ensure proper installation and function; verify remediation effectiveness following patching, configuration changes, or compensating controls.
  • Maintain and validate asset lists within ACAS and eMASS (Enterprise Mission Assurance Support Services).
  • Maintain credentialed scan coverage by resolving non-credentialing, dead, or misconfigured assets and addressing scan failures and access issues.
  • Administer, record, and support upkeep of network resources and implemented changes as reported by CMRS (Continuous Monitoring and Risk Scoring)/ACAS/other scanning tools.
  • Identify and drive resolution of discovered discrepancies and security vulnerabilities (missing patches, gaps in network security) through required DHA offices and service functions.
  • Create, maintain, and follow POA&Ms (Plans of Action & Milestones) through resolution for issues requiring additional time for testing, solutions development, team collaboration, and deployment to include risk mitigation statements and milestone dates.
  • Track and report vulnerability status, trends, and remediation progress to support Government oversight and decision-making, including leadership visibility for priority vulnerabilities and taskings.
  • Report security violations and incidents up the chain of command within established timeframes; reply and report to security and associated taskers.