Vulnerability Analyst (4175) (TS/SCI) (Ft. Belvoir, VA)

SMX is seeking a Vulnerability Analyst to perform regular vulnerability assessments and scans of networks, systems, and applications in both on-premises and cloud environments and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. This role involves analyzing assessment results, evaluating risk levels, and collaborating with IT and security teams to develop and implement effective remediation strategies. The Vulnerability Analyst ensures compliance with DoD, Army, and Intelligence Community (IC) regulations while educating stakeholders about the importance of vulnerability management and security best practices. This position requires technical expertise, a thorough understanding of cybersecurity principles, and strong communication skills to enhance the overall security posture of the Army Intelligence Enterprise (AIE). This is a full-time onsite position.

Essential Duties & Responsibilities

• Vulnerability Assessment and Analysis:
• Identify systems, services, and applications that pose exceptional risk to Army IC.
• Using security tools, perform regular vulnerability assessments on networks, systems, and applications in on-premises and cloud environments.
• Perform vulnerability assessments based on DoD, Army, and IC Policies and
• Examine vulnerability assessment results to determine the severity, risk levels, and possible impact of identified vulnerabilities.
• Continuously monitor systems and networks for new threats and vulnerabilities, adjusting processes as needed to ensure compliance with Army and IC regulations.
• Identify gaps in coverage of security tools required by DoD, Army, and IC.
• Manage and support Army IC quarantine process in collaboration with IT Operations.
• Remediation and Collaboration:
• Coordinate with IT and security teams to create and implement remediation plans, which may involve applying patches, making configuration changes, or introducing other security measures.
• Offer expertise on vulnerability issues during security incidents and assist with incident response activities.
• Collaborate closely with ISSOs and ISSMs throughout the Army Intelligence Enterprise (AIE) to encourage best practices and swiftly address security issues.
• Develop relevant vulnerability, threat, and risk metrics.
• Tools Management and Reporting:
• Manage and maintain vulnerability assessment tools to ensure they remain up-to-date and effective at identifying security weaknesses.
• Create detailed reports on vulnerability assessment outcomes, risk evaluations, and mitigation progress to share with stakeholders, including management and regulatory agencies.
• Develop and manage vulnerability and risk dashboards for consumption by system administrators, cybersecurity analysts, ISSOs, ISSMs, ISOs, major commands, and executive leadership.
• Training and Awareness:
• Educate and train ISSM, ISSO, and other cybersecurity analysts on the use of vulnerability assessment tools, security best practices, and compliance requirements.
• Contribute to security awareness initiatives and develop enhanced vulnerability scanning methodologies and tools.
• Compliance and Standards:
• Ensure compliance with DoD, Army, and IC regulations, including task orders, bulletins, National Security Memorandums (NSM).
• Stay updated on the latest cybersecurity threats, technologies, and emerging vulnerabilities to ensure compliance and improve vulnerability assessment processes.
• Threat Research and Mitigation:
• Research and report on new threats, attack vectors, and exploitation methods, demonstrating a thorough understanding of cyber threat actor tactics, techniques, and procedures (TTPs).
• Assess, plan, and improve cybersecurity architecture, detection signatures, and tool configurations to protect systems from breaches.
• Perform cyber threat intelligence analysis, correlate actionable cybersecurity events, and create correlation techniques for identifying threats.
• Vulnerability Assessments:
• Conduct and/or support authorized penetration testing on enterprise network assets.
• Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions
• Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives
• Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
• Make recommendations regarding the selection of cost‐effective security controls to mitigate risk (e.g., protection of information, systems)
• Automation and Process Optimization:
• Identify and evaluate solutions for automating cybersecurity analysis tasks to enhance efficiency and accuracy.
  

Required Skills, Experience & Education

• Active Top Secret (TS) security clearance with eligibility for SCI and NATO read-on before starting work.
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• CCE, CFR, CISSO, Cloud , CPTE, CySA , FITSP-A, GCED, GCIH, GCSA, GICSP, GPEN, GSEC, PenTest or equivalent.
• Proficiency in vulnerability scanning tools such as Nessus, Splunk, network analyzers, and Big Data analytics.
• A strong understanding of cybersecurity principles, the threat landscape, and Common Vulnerabilities and Exposures (CVEs).
• Demonstrated ability to analyze and interpret vulnerability scan results and make informed decisions regarding risk prioritization and remediation.
• Familiarity with Army and IC regulations, as well as compliance standards, including the DISA ACAS Best Practice Guide.
• Communication and Collaboration: Strong written and verbal communication skills for producing reports, conveying technical information to non-technical stakeholders, and working collaboratively with teams.
• Ability to collaborate closely with IT and security teams to address vulnerabilities effectively.
• Technical Expertise: Proficient in using vulnerability scanning tools and assessing the security posture of complex systems.
• Analytical Thinking: Strong problem-solving skills to prioritize vulnerabilities, assess risks, and recommend effective remediation measures.
• Communication: Ability to present technical findings clearly to both technical and non-technical audiences.
• Collaboration: Skilled in working with cross-functional teams, including IT, security, and compliance personnel.
• Attention to Detail: Thorough in scanning, analyzing, and documenting vulnerabilities and associated risks.
• Regulatory Knowledge: Familiar with DoD, Army, and IC compliance requirements and best practices for vulnerability management.
• Adaptability: Keeps pace with evolving cybersecurity threats, tools, and regulations to maintain the effectiveness of vulnerability management processes.
  
  

Desired Skills/Experience

• Advanced certifications, such as the Offensive Security Certified Professional (OSCP), GIAC Certified Incident Handler (GCIH), or GIAC Vulnerability Assessment Professional (GVAP).
• Experience in Army, DoD, or IC environments with an emphasis on vulnerability management.
• Knowledge of scripting or automation tools (e.g., Python, PowerShell) to improve vulnerability reporting and remediation processes.
• Hands-on experience with implementing vulnerability management programs in hybrid (on-premises and cloud) environments.
  
  

Application Deadline: April 14, 2025

#CJPOST

The SMX salary determination process takes into account a number of factors, including but not limited to, geographic location, Federal Government contract labor categories, relevant prior work experience, specific skills, education and certifications. At SMX, one of our Core Values is to Invest in Our People so we offer a competitive mix of compensation, learning & development opportunities, and benefits. Some key components of our robust benefits include health insurance, paid leave, and retirement.

The proposed salary for this position is:

$145,200—$242,000 USD

At SMX®, we are a team of technical and domain experts dedicated to enabling your mission. From priority national security initiatives for the DoD to highly assured and compliant solutions for healthcare, we understand that digital transformation is key to your future success.

We share your vision for the future and strive to accelerate your impact on the world. We bring both cutting edge technology and an expansive view of what’s possible to every engagement. Our delivery model and unique approaches harness our deep technical and domain knowledge, providing forward-looking insights and practical solutions to power secure mission acceleration.

All qualified candidates will receive consideration for employment without regard to disability status, protected veteran status, race, color, age, religion, national origin, citizenship, marital status, sex, sexual orientation, gender identity or expression, pregnancy or genetic information.

Selected applicant may be subject to a background investigation and/or education verification.