Organization: Department of Education
Location: Washington, DC
Labor Category: Vulnerability Analyst/Lead
Terms: Full Time Employment
Salary: Based on experience, education and certification
Clearance: Secret or Top Secret
The Vulnerability Analyst is responsible for performing vulnerability assessments and penetration testing, and supports Department-level risk assessment and risk-based decision making. Specific responsibilities include:
- Serve as vulnerability management analyst as primary responsibility
- Review Plan of Action and Milestone (POAM) data with PMO Branch
- Perform information system security vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information system components
- Perform compliance scanning to analyze configurations and facilitate implementation of configurations and hardening settings for networks, operating systems, applications, databases, and other information system components
- Engage with stakeholders, to include IT professionals, management, and auditors, to facilitate vulnerability discovery and remediation
- Recommend appropriate remedial actions to mitigate risks and ensure information systems employ appropriate level of information security controls
- Validate remedial actions and ensure compliance with information security policy and regulatory requirements
- Assist in development and implementation of information security vulnerability management policies, procedures, and standards based on National Institute of Standards and Technology (NIST) 800-53 standards, best practices, and compliance requirements
- Perform vulnerability management system administration functions, as required
- Maintain proficiency in threat and vulnerability management best practices
- Secret Clearance is the minimum. Top Secret a plus
- Bachelor's degree
- 7-10 years' experience, or certifications in lieu of experience
- At least 3-5 years' experience conducting vulnerability assessments.
- Expertise in vulnerability management processes and network and web vulnerability scanning.
- Required experience with HP Web Inspect v10.x.
- Desirable hands-on experience with Tenable Nessus
- Configure vulnerability assessment tools to perform vulnerability scanning on enterprise network.
- Experience scanning web applications hosted internally and externally.
- Experience troubleshooting issues arising from vulnerability scanning and serving as technical expert for vulnerability assessment tools.
- Experience generating Vulnerability Management metrics and reports.
- Familiarity with CSAM preferred
- CEH, GIAC, Security+, other related certs
Desired Skills and Certifications:
- Ability to draft reports and brief the customer on findings
- Top Secret Clearance