We are looking to hire a full time W2 Vulnerability Analyst to work seamlessly with the ISSM and other IT Security staff to create a holistic and fully integrated IT Security organization for the overarching Program.
Years of Experience: 10 years
Education Requirements: Bachelor’s degree
- Plan and execute vulnerability and compliance scans across the infrastructure
- Analyze scan reports to determine technical validity and merit
- Collaborate with infrastructure and application teams on security vulnerability remediation or patch management validation
- Identify and recommend appropriate measures to manage and remediate vulnerabilities
- Monitor and track security-related defects and resolutions
- Triage request for security scans from infrastructure and application teams
- Assist in establishing and implementing a CDM capability with integrated security controls for the SoS; Enable continuous monitoring to proactively survey, monitor, and track security-related defects and the status of their resolutions to report to the GPMO
- Employ automated or manual continuous monitoring techniques. Research GOTS or COTS automated continuous monitoring solutions.
- Develop vulnerability scanning rules.
- Develop scan results review and assessment procedures. Provide reports.
- In-depth technical experience with Tenable Nessus, SecurityCenter, HP WebInspect, and BigFix
- Experience in threat and vulnerability management, and penetration testing
- Experience with multiple programming and scripting languages (such as, Java, Python, C++, .NET)
- Demonstrated experience with Linux, Windows, and Cisco
- Knowledge of web application administration and management
- Knowledge of OWASP Top 10
- Knowledge of FedRAMP and FISMA compliance methodologies
- Demonstrate knowledge of networking concepts and devices (Firewalls, Routers, Switches, and Load Balancers)
- Demonstrate an understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Experience developing and improving KPIs, metrics, and trending for vulnerability management functions
- Understanding of how applications, networking, operating systems, and databases work
- Familiar with industry standard security best practices and vulnerability management processes including compliance reporting
- Working knowledge of FISMA controls with the ability to oversee traceability to the controls
- Past experience working throughout a complete IT Security life-cycle preferred
- Past experience supporting US Census Bureau Security Program preferred
- Project task management skills desired
- Experience supporting a complex System of Systems preferred
- Experience in working as a compliance and security control planner and implementer
- Ability to define and manage reporting and measurement systems for IT Security
- Ability to understand CIS and DISA STIG benchmarks
- Certifications: Certified Ethical Hacker (CEH), Security +, Network+, Tenable Certified Nessus User
- Tools/Technology Experience: Broad knowledge of security tools for both cloud and Data Center, including commercial and open source
- Organizational Skills: Proven ability to plan and prioritize work, both their own and that of project team. Follows tasks to their logical conclusion and makes sure that everything has been done to the right standard. Great attention to detail.
- Team Work: Highly collaborative. Comfortable working both individually and as part of a team. Prepared to challenge ideas within a group in a constructive way. Ability to influence others and move a team toward a common vision or goal.
- Leadership: Acute business acumen and understanding of organizational issues and challenges. Able to work effectively at all levels in an organization.
- Communications: Ability to communicate clearly and efficiently to team members and clients, verbally and in writing. Able to present ideas in a variety of ways depending upon audience and context. Excellent active listening skills.
- Problem Solving: Natural inclination for planning strategy and tactics. Ability to analyze problems and determine root cause, generating alternatives, evaluating and selecting alternatives and implementing solutions.
- Results oriented: Able to drive things forward regardless of personal interest in the task.