VULNERABILITY ASSESSMENT ANALYST

About The Position

Requirements

• Bachelor’s degree (technically relevant degree preferred). In lieu of degree, Sec+, GICSP, Cloud+, GCED, PenTest+, or GSEC may be accepted
• DoD 8570 IAT or IAM Level 2 
• TS/SCI eligible, subject to CI Polygraph.
• Vulnerability management and mitigation.
• Knowledge of computer networking concepts and protocols, and network security methodologies, risk management processes (e.g., methods for assessing and mitigating risk), and laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. 
• Knowledge of cyber threats and vulnerabilities, and operational impacts of cybersecurity lapses. 
• Knowledge of cryptography and cryptographic key management concepts and host/network access control mechanisms (e.g., access control list, capabilities list). 
• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
• Knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
• Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities
• Apply and incorporate information technologies into proposed solutions.
• Apply the systems engineering process and design the integration of technology processes and solutions, including legacy systems and modern programming languages.
• Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Nice To Haves

• Apply and incorporate information technologies into proposed solutions.
• Apply the systems engineering process and design the integration of technology processes and solutions, including legacy systems and modern programming languages.
• Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Responsibilities

• Perform assessments of systems and networks within the network environment or enclave and identifying where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.
• Develop measures of effectiveness for defense-in-depth architectures against known vulnerabilities.
• Identify systemic security issues based on the analysis of vulnerability and configuration data.
• Conduct vulnerability scans and mitigate vulnerabilities in security systems.
• Review logs to identify evidence of past intrusions and conduct application vulnerability assessments.
• Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Review, promulgate, and track Cyber Task Orders. Coordinate and assist the relevant information system owners to resolve findings.