Vulnerability Assessment Analyst

Description

Job Title: Vulnerability Assessment Analyst

Location: Fort Meade, Maryland
Security Clearance: Secret

Responsibilities include (but are not limited to):

• Vulnerability Assessment:
  • Conduct thorough vulnerability assessments on networks, systems, and applications using industry-standard tools and methodologies.
  • Identify, document, and prioritize vulnerabilities based on risk assessments and impact to the organization.
  • Collaborate with system owners and IT teams to develop and implement remediation plans for identified vulnerabilities.
• Threat Analysis & Reporting:
  • Monitor and analyze security threats and vulnerabilities from various sources, including threat intelligence feeds, security bulletins, and vulnerability databases.
  • Prepare detailed reports on findings, including risk analysis, potential impacts, and recommended mitigation strategies.
  • Present vulnerability assessment results to stakeholders, including leadership and technical teams, in a clear and concise manner.
• Compliance & Security Standards:
  • Ensure that all systems and applications are compliant with DoD cybersecurity standards, including Security Technical Implementation Guides (STIGs) and Risk Management Framework (RMF) requirements.
  • Participate in security audits and assessments, providing evidence and documentation to demonstrate compliance.
  • Stay current on the latest security threats, vulnerabilities, and mitigation techniques to ensure the organization’s defenses are up to date.
• Continuous Improvement:
  • Develop and maintain vulnerability management processes and procedures to improve the efficiency and effectiveness of the assessment program.
  • Recommend enhancements to security configurations, policies, and procedures based on assessment findings.
  • Assist in the development and delivery of security awareness training related to vulnerability management and secure coding practices.

Qualifications

• Education & Experience:
  • Bachelor’s degree in Information Security, Cybersecurity, Information Technology, or a related field, or equivalent work experience.
  • Minimum of 3-5 years of experience in vulnerability assessment, penetration testing, or related cybersecurity roles.
  • Experience in a classified or DoD environment, with a strong understanding of DoD cybersecurity frameworks.
• Technical Skills:
  • Proficiency with vulnerability assessment tools such as Nessus, Qualys, or OpenVAS.
  • Strong knowledge of cybersecurity principles, including vulnerability management, risk assessment, and threat modeling.
  • Familiarity with DoD STIGs, RMF, and other relevant cybersecurity frameworks and guidelines.
  • Experience with scripting and automation tools to enhance vulnerability assessment processes (e.g., Python, PowerShell).
• Certifications (Preferred):
  • Certified Ethical Hacker (CEH), GIAC Certified Penetration Tester (GPEN), or equivalent.
  • CompTIA Security or CISSP.
  • Certified Information Systems Auditor (CISA) or equivalent.