Vulnerability Analyst - U.S. CITIZENSHIP REQUIRED

Vulnerability Analyst will scan, analyze and report compliance of systems and network infrastructure on the regional and theater level. Seeks to protect and defend information and information systems by ensuring confidentiality, integrity with non-repudiation, authentication, and availability. Reports to the RCC-SWA Cybersecurity Manager.

MAJOR JOB ACTIVITIES:

Vulnerability Analyst’s Plan, coordinate, review, analyze and provide feedback to customers on weekly vulnerability scans (i.e., ACAS coordinator/analyst, Security Center administrator).  Survey network diagrams and other artifacts, utilize network visualization tools and assist in determining if vulnerability scans are being conducted on all network assets; help identify means of overcoming gaps in vulnerability scanning.  Assist in the preparation of vulnerability scanning reports to commanders and high headquarters; liaison with IAVM manager and ISSO regarding vulnerability and remediation issues. Develop plans and recommend tools for the vulnerability scanning of all network assets to the Military and down trace units.  Monitor INFOCON status and maintain awareness of all INFOCON requirements; assess current architecture and computer assets for INFOCON compliance. Communicate and disseminate updates and tabletop exercises among the various commands in the SWA AOR. Generate and update reports for all areas of responsibility, interact with System Center Configuration Manager (SCCM) administrators in order to leverage scanning and patching battle rhythm. Continuous monitoring of network and systems assets to ensure accurate compliance reporting for Risk Management Framework (RMF).

• Ability to troubleshoot servers and infrastructure equipment
• Ability to assess networking requirements and provide solutions
• Ability to make accurate and independent decisions under pressure
• Experience with a customer service oriented company
• Excellent organizational, interpersonal, written, and verbal communication skills
• Ability to perform comfortably in a fast-paced, deadline-oriented work environment
• Ability to successfully execute many complex tasks simultaneously

WORKING ENVIRONMENT:

Candidate must be able to lift, push and pull up to 40 lbs.

The work environment will be 95% indoor and 5% outdoor. The outdoor work environment may exceed temperatures 100º F. Candidate must be able to withstand extreme heat physically.

MINIMUM QUALIFICATIONS:

Education: 

Bachelors Degree or equivalent experience preferably in Computer Science or MIS, IS, Engineering or related field. One-year related experience can be substituted for one year of education if the degree is required. One year of related academic study above the high school level may be substituted for one year of experience up to a maximum of a 4-year bachelor's degree in a Software Engineering or Business Information Systems discipline for three years general experience.

Experience: 

At least three (3) years of practical experience working with various data (network and system) technologies, with a minimum of two of those years focused on security.

Knowledge of certification tools preferred.  Knowledge of Linux configuration and management preferred.

Certifications: 

This position requires candidates to adhere to DoD 8570.01-M. All candidates are required to maintain at least one (1) baseline certification and two (2) computing environment (CE) certifications. The authorized certifications for this job title are listed as follows:

IAT Level: IAT III

Baseline: CASP
CISA
CISSP (or Associate)
GSEC
GCED
GCIH

CE: DISA ACAS Version 5.3 (or current version)