Vulnerability Analyst/Lead

Organization: Department of Education
Location: Washington, DC
Labor Category: Vulnerability Analyst/Lead
Terms: Full Time Employment
Salary: Based on experience, education and certification
Clearance: Secret or Top Secret

Job Description

The Vulnerability Analyst is responsible for performing vulnerability assessments and penetration testing, and supports Department-level risk assessment and risk-based decision making. Specific responsibilities include:

  • Serve as vulnerability management analyst as primary responsibility
  • Review Plan of Action and Milestone (POAM) data with PMO Branch
  • Perform information system security vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information system components
  • Perform compliance scanning to analyze configurations and facilitate implementation of configurations and hardening settings for networks, operating systems, applications, databases, and other information system components
  • Engage with stakeholders, to include IT professionals, management, and auditors, to facilitate vulnerability discovery and remediation
  • Recommend appropriate remedial actions to mitigate risks and ensure information systems employ an appropriate level of information security controls
  • Validate remedial actions and ensure compliance with information security policy and regulatory requirements
  • Assist in development and implementation of information security vulnerability management policies, procedures, and standards based on National Institute of Standards and Technology (NIST) 800-53 standards, best practices, and compliance requirements
  • Perform vulnerability management system administration functions, as required
  • Maintain proficiency in threat and vulnerability management best practices

Required Skills

  • Secret Clearance is the minimum. Top Secret a plus
  • Bachelor's degree
  • 7-10 years' experience or certifications in lieu of experience
  • At least 3-5 years' experience conducting vulnerability assessments.
  • Expertise in vulnerability management processes and network and web vulnerability scanning.
  • Required experience with HP WebInspect v10.x.
  • Desirable hands-on experience with Tenable Nessus
  • Configure vulnerability assessment tools to perform vulnerability scanning on the enterprise network.
  • Experience scanning web applications hosted internally and externally.
  • Experience troubleshooting issues arising from vulnerability scanning and serving as technical expert for vulnerability assessment tools.
  • Experience generating Vulnerability Management metrics and reports.
  • Familiarity with CSAM preferred
  • CEH, GIAC, Security+, or other related certifications

Desired Skills and Certifications:

  • Ability to draft reports and brief the customer on findings
  • Top Secret Clearance