Vulnerability Assessment Analyst - Senior

About The Position

Requirements

• Must be US Citizen and and must be able to obtain and maintain an Entry on Duty (EOD) clearance
• Bachelors' degree from an accredited college in IT, cybersecurity, computer science, or related field, or equivalent experience/combined education, with 12 years of professional experience; or a Masters' degree with 10-13 years of professional experience
• At least six years of direct experience in vulnerability assessment/management
• Familiar with the management, operational, and technical aspects of IT Security in a complex environment.
• Experience working with industry-standard cybersecurity methodologies and processes
• Advanced knowledge of TCP/IP protocols
• Experience configuring and implementing various technical security solutions,
• Substantial experience managing vulnerability/compliance scans using Tenable Nessus and/or Security Center
• Expert in Nessus Manager
• Expert in Tenable.io

Nice To Haves

• Experience working in cyber operations, particularly for a federal government customer
• Experience supporting large and diverse cybersecurity environments
• Moderate proficiency in Splunk
• Familiarity with Swimlane
• Familiar with basic functions of Axonius
• Understanding of MITRE ATT&CK and various attack and defense methodologies
• Expertise in Linux and Windows operating systems
• Experience with supporting ATO audits, FISMA compliance, and other ISSO functions

Responsibilities

• Lead the Vulnerability Analysis function of the overall Vulnerability Assessment Team, working with the Vulnerability Management function and Penetration Testing function under a unified Vulnerability Assessment Lead
• Create and publish security-related alerts, bulletins, advisories, and notifications to all DHS components based on identified software and hardware vulnerabilities and monitor for compliance
• Continuously research emerging threats to the environment in order to disseminate the information to all stakeholders, immediately assess the known environment for presence of the vulnerability, and work with the NOSC, Enterprise VAT, and enterprise networking teams to proactively block exploitation within the Agency's environment
• Conduct scheduled and ad-hoc vulnerability/compliance scanning
• Create and maintain scans in support of continuous scanning requirements for various FISMA systems
• Employ ad-hoc or emergency vulnerability/compliance scanning to support targeted incident investigation, escalation, and emergency response to security events in accordance with documented procedures
• Coordinate with NOSC cybersecurity leadership and FISMA system ISSOs and system owners to explain findings, provide recommendations on mitigations, and advocate for mitigation of vulnerabilities
• Track and trend vulnerabilities for HQ NOSC to assess and depict risk posture
• Correlate CISA KVEs and incorporate into NOSC scanning as applicable
• Conduct, operate, and maintain vulnerability/compliance assessments and the resulting data and reports
• Conduct Host-based and Network Vulnerability Assessments
• Conduct Database Vulnerability Assessments
• Conduct Web-based Vulnerability Assessments
• Author and maintain SOPs and runbooks
• Other duties as assigned

Benefits

• 100% premium coverage for Medical, Dental, Vision, and Life Insurance, Supplemental Insurance, 401K matching, Flexible Time Off (PTO/Holidays), Higher Education/Training Reimbursement, and more.