Apr 22
Secret
Mid Level Career (5+ yrs experience)
$80,000
No Traveling
IT - Security
Smyrna, GA (Off-Site/Hybrid)•Fort Gregg-Adams, VA (Off-Site/Hybrid)
Vulnerability Management Analyst
Provide support to increase the Cybersecurity Center’s ability to manage the cybersecurity risk to systems, assets, data, and agency capabilities through active identification of system/application weaknesses that require remediation and/or mitigation, enabling DoD to focus and prioritize its risk and vulnerability management efforts in alignment with the needs of the Agency. Work shall be performed in accordance with Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01, NIST SP 800-40, DoDI 8530.01, CJCSM 6510.02, TASKORD 20-020, FRAGO 21 to OPORD 05-01CJCSI 6510.01F, CJCSM 6510.02, TASKORDER 13-0670; and any future released directives/mandates.
Responsibilities:
• Ensure routine action is taken to identify and correct vulnerabilities according to the following phases. Vulnerabilities include Information Assurance Vulnerability Management (IAVM) as well as vulnerabilities not be addressed through IAVM directives but affect DoD owned and managed information systems (ISs) and devices:
◦ Identify
◦ Analysis
◦ Report
◦ Remediation/Mitigation
◦ Verification
◦ Post Analysis / Process Improvement
• Provide metrics tracking the following with regards to performance and mission success: mean time to patch; POA&M and Risk Acceptance staffing; and non-compliance trending.
• Support the risk assessment process, Information Security Continuous Monitoring (ISCM) program and Agency overall risk management strategy by providing vulnerability scan information to the Risk Management Group, or relevant entity, in support of assessing and authorizing the environments;
• Conduct testing of IS software patches, updates, upgrades, and hardware device configurations. Provide information system baseline scan reports.
• Provide enterprise, discovery, and compliance Vulnerability Scan report.
• Conduct vulnerability scans requests (i.e. SR, IR) and provide analysis results.
• Create and maintain consistent, repeatable, quality driven, measurable, and comprehensive Vulnerability Management procedures. Establish common standards for directive reporting and compliance as it relates to vulnerability management.
• Host vulnerability remediation/mitigation meetings to review remediation actions with stakeholders; providing SME level guidance on scanning signatures and detection capabilities; Validate and monitor corrective actions/remediation of vulnerabilities on information systems.
• Participate in Cyber Situational Awareness Brief (SAB) and provide: health status of required scans and scanning tools across all environments to include scanning completed by other entities such as DISA; and latest vulnerability status.
• Collaborate with DoD and/or Non-DoD organizations to actively share vulnerability information in order to shape cyber mission space for vulnerability mitigation.
Requirements:
• Active Secret security clearance
• At least 3 years of related experience
• DoD IAT II required certification/s (one of the following):
◦ CCNA-Security
◦ CySA+ (CSA+)
◦ GICSP
◦ GSEC
◦ Security+ CE
◦ CND
◦ SSCP
• DoD CSSP Auditor required certification/s (one of the following):
◦ CEH
◦ CySA+ **
◦ CISA
◦ GSNA
◦ CFR
◦ PenTest
Provide support to increase the Cybersecurity Center’s ability to manage the cybersecurity risk to systems, assets, data, and agency capabilities through active identification of system/application weaknesses that require remediation and/or mitigation, enabling DoD to focus and prioritize its risk and vulnerability management efforts in alignment with the needs of the Agency. Work shall be performed in accordance with Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01, NIST SP 800-40, DoDI 8530.01, CJCSM 6510.02, TASKORD 20-020, FRAGO 21 to OPORD 05-01CJCSI 6510.01F, CJCSM 6510.02, TASKORDER 13-0670; and any future released directives/mandates.
Responsibilities:
• Ensure routine action is taken to identify and correct vulnerabilities according to the following phases. Vulnerabilities include Information Assurance Vulnerability Management (IAVM) as well as vulnerabilities not be addressed through IAVM directives but affect DoD owned and managed information systems (ISs) and devices:
◦ Identify
◦ Analysis
◦ Report
◦ Remediation/Mitigation
◦ Verification
◦ Post Analysis / Process Improvement
• Provide metrics tracking the following with regards to performance and mission success: mean time to patch; POA&M and Risk Acceptance staffing; and non-compliance trending.
• Support the risk assessment process, Information Security Continuous Monitoring (ISCM) program and Agency overall risk management strategy by providing vulnerability scan information to the Risk Management Group, or relevant entity, in support of assessing and authorizing the environments;
• Conduct testing of IS software patches, updates, upgrades, and hardware device configurations. Provide information system baseline scan reports.
• Provide enterprise, discovery, and compliance Vulnerability Scan report.
• Conduct vulnerability scans requests (i.e. SR, IR) and provide analysis results.
• Create and maintain consistent, repeatable, quality driven, measurable, and comprehensive Vulnerability Management procedures. Establish common standards for directive reporting and compliance as it relates to vulnerability management.
• Host vulnerability remediation/mitigation meetings to review remediation actions with stakeholders; providing SME level guidance on scanning signatures and detection capabilities; Validate and monitor corrective actions/remediation of vulnerabilities on information systems.
• Participate in Cyber Situational Awareness Brief (SAB) and provide: health status of required scans and scanning tools across all environments to include scanning completed by other entities such as DISA; and latest vulnerability status.
• Collaborate with DoD and/or Non-DoD organizations to actively share vulnerability information in order to shape cyber mission space for vulnerability mitigation.
Requirements:
• Active Secret security clearance
• At least 3 years of related experience
• DoD IAT II required certification/s (one of the following):
◦ CCNA-Security
◦ CySA+ (CSA+)
◦ GICSP
◦ GSEC
◦ Security+ CE
◦ CND
◦ SSCP
• DoD CSSP Auditor required certification/s (one of the following):
◦ CEH
◦ CySA+ **
◦ CISA
◦ GSNA
◦ CFR
◦ PenTest
group id: 90982409
