Mid Vulnerability Assessment Analyst

Northern Technologies Group, Inc.•Colorado Springs, CO

About The Position

Position Summary The Senior Network Engineer supports the Missile Defense Agency (MDA) under the Integrated Research and Development for Enterprise Solutions (IRES) contract. The role involves network design, configuration, installation, testing, troubleshooting, and sustaining IT network and boundary protection systems. This position requires technical expertise in routers, switches, firewalls, and DoD boundary protection technologies. Essential Duties and Responsibilities Perform Defensive Cyber Operations (DCO)/Cyber Security Service Provider (CSSP) duties outlined in Evaluator Scoring Metrics (ESM). Conduct proactive and reactive cybersecurity actions to improve enterprise-wide security posture. Perform and analyze vulnerability scans using Prisma and ACAS/Nessus. Analyze assets, threat, and vulnerability data against known adversary exploits. Support development and updates of DCO procedures, manuals, and documentation. Support anti-malware operations, respond to malware reports, and assist in implementing protective measures. Support host-based security across the enterprise using DoD ESS capabilities. Generate vulnerability assessment reports for customers and escalate as needed. Create and manage ESS/ACAS queries and dashboards. Support enterprise Incident Response IAW DoD regulations. Lead cyber events and incident investigations from start to finish. Mentor and train junior DCO analysts.

Requirements

Must be a U.S. Citizen.
Must possess an active Secret security clearance.
6+ years full-time general work experience (may be reduced with advanced education).
4+ years combined experience in vulnerability scanning, cybersecurity frameworks, risk assessment, and enterprise incident response.
1+ year leadership or management experience.
1+ year experience performing vulnerability scans with enterprise tools.
Experience using ACAS/Nessus and vulnerability scanning platforms.
Experience with cybersecurity frameworks and conducting risk assessments.
Experience performing full lifecycle incident response.
DoD 8570.01-M IAT Level II certification (CySA+, GICSP, GSEC, Security+ CE, SSCP).
CSSP Auditor certification (CEH, CySA+, etc.).

Nice To Haves

Bachelor’s degree in Cybersecurity, Computer Science, or related field.
Experience with WAN/LAN security (Routers, Switches, Windows/Linux OS).
Experience with SOC/DCO tools (Firewalls, IDS/IPS, NSM, Bluecoat, Barracuda).
Experience performing WAN-based ACAS/Nessus compliance scans.
Experience with host-based security configuration (ESS preferred).
Ability to mentor/train personnel in fast-paced environments.
Familiarity with DoD SOC/CSSP environments.
Familiarity with DCO/CSSP security policies and procedures.
Active DoD Top Secret clearance (preferred).

Responsibilities

Perform Defensive Cyber Operations (DCO)/Cyber Security Service Provider (CSSP) duties outlined in Evaluator Scoring Metrics (ESM).
Conduct proactive and reactive cybersecurity actions to improve enterprise-wide security posture.
Perform and analyze vulnerability scans using Prisma and ACAS/Nessus.
Analyze assets, threat, and vulnerability data against known adversary exploits.
Support development and updates of DCO procedures, manuals, and documentation.
Support anti-malware operations, respond to malware reports, and assist in implementing protective measures.
Support host-based security across the enterprise using DoD ESS capabilities.
Generate vulnerability assessment reports for customers and escalate as needed.
Create and manage ESS/ACAS queries and dashboards.
Support enterprise Incident Response IAW DoD regulations.
Lead cyber events and incident investigations from start to finish.
Mentor and train junior DCO analysts.