As our Information Security Analyst, you will perform various Vulnerability Management duties including the tracking and dissemination of vulnerability assessments, participate in red/blue team events, and the identification and reporting of network and system vulnerabilities, security events, and adverse cyber related activity identified through I&W and AS&W indicators.
The Information Security Analyst will manage all aspects of infrastructure systems used to manage CND-SP networks & resources and will assess threats to the environment.
Responsibilities also include patch repository maintenance, supporting and performing inspections to ensure compliance to DoD 8530 Standards, and participating in risk assessment during the C&A (certification and accreditation) process, as well as, supporting security certification tests and evaluation of assets
REQUIRED QUALIFICATIONS:
Bachelor’s degree and 8 years of experience related to specific functional area.
Currently hold, or be able to attain a CompTIA Security+ or equivalent certification
Working with and/or has technical knowledge on classified networks, servers, storage, operating systems, applications, and the full stack of supporting technologies
Understands cloud service provider vulnerability testing approaches
Supporting vulnerability management program requirements including maintaining patch repository, issuing alerts and bulletins, and tracking compliance
Supporting vulnerability management risk scoring and quantifying risk posed by un-patched Vulnerability Alerts
Reviewing reporting, automation, and visualization systems to provide situational awareness and making recommendations to improve vulnerability management capabilities
Coordinating access to systems and approvals for scanning activities
Conducting ad hoc testing to assist with development activities or vulnerability remediation
Reviewing and testing system security controls (managerial, operational, and technical) to determine adequacy against federal requirements (e.g., NIST SP 800-53) and mission context
Supporting technical environment testbed for emerging capabilities, tolls, and processes
Operating or supporting ACAS security scanning software
Creating, maintaining, and updating knowledge management and technical documentation of operational processes and findings
Performing security certification tests and evaluation of assets
Providing input on adequacy of security designs and architectures
DESIRED QUALIFICATIONS:
Security certifications: CCNA Security, CySA+, SSCP, or equivalent certification
