Cyber Threat/Vulnerability Management Analyst

SkyePoint Decisions

Posted today

Job Requirements

Remote
Public Trust Polygraph not specified
Mid Level Career (5+ yrs experience)
Salary not specified

Job Description

SkyePoint Decisions is seeking a highly motivated team member to join our team as a Cyber Threat/Vulnerability Management Analyst to support a government customer. This position will involve the collection, analysis, and dissemination of information about potential or current threats to an organization's information systems and networks as well as vulnerability management.

This is a 100% remote position.

Responsibilities:
Monitor enterprise environments (including cloud) for vulnerabilities and configuration weaknesses across hardware and software assets.
Track and identify new vulnerabilities from various sources, communicating them effectively to stakeholders using multiple channels.
Prioritize vulnerability remediation based on asset risk profiles, severity ratings, and threat intelligence.
Advise stakeholders on false positives and recommend cost-effective remediation or mitigation solutions.
Coordinate, track, and report remediation of high-risk vulnerabilities (e.g., emergency directives, imminent threats).
Develop and report vulnerability metrics using dashboards or reports.
Collaborate with O&M teams to optimize scanning tools for enhanced visibility and security.
Identify program gaps, recommend improvements, and support implementation of vulnerability management plans.
Assess risks associated with unmitigated vulnerabilities and configuration weaknesses.
Support asset management efforts through identification, classification, and ownership.
Attend federal intelligence calls, summarize for stakeholders, and take necessary actions.
Gather and analyze threat indicators from trusted sources and OSINT, integrating them into EDR and SIEM tools.
Use ticketing systems to submit network block requests, apply endpoint blocks, and initiate incident response tickets.
Create and deliver reports or requests for information (RFIs) as needed, addressing both general and granular stakeholder needs.
Conduct proactive threat hunting using SIEM tools and participate in after-hours on-call rotations for incident response.
Investigate and analyze notable events from tools like Splunk and Microsoft 365 Defender.
Mentor junior analysts, assist with triage and investigation of incidents, and participate in tabletop exercises.
Contribute to the development of playbooks and standard operating procedures for incident response.

Required Qualifications:
BS degree and 5 years of relevant experience, or MS degree and 3 years of relevant experience.
CompTIA Security+ and CompTIA Cyber Security Analyst+ (or equivalent) required.
Hands-on experience with incident response, including analysis, containment, eradication, and recovery.
Experience with SCAP-compliant vulnerability tools (e.g., Tenable Nessus, Qualys) and vulnerability management processes.
Strong knowledge of OWASP, SIEM, EDR tools, and threat intelligence platforms.
Excellent communication skills and experience analyzing qualitative and quantitative data.
Proficiency with Microsoft Security Defender ATP, Office 365, Azure AD, and Cloud App Security.
Experience using open-source tools for malware investigation and ServiceNow for service management.
Must be able to pass a Public Trust clearance suitability determination.
Must be a U.S. citizen.

Preferred Qualifications:
Desirable certifications: GCIH, ECIH, CEH, Splunk, and Microsoft certifications.
Experience creating and tuning Splunk dashboards and reports is highly preferred.
Scripting experience (PowerShell, Python) and familiarity with PCAP, remote forensics, Splunk UBA, and SOAR tools are a plus.
Job Category
IT - Security
Clearance Level
Public Trust