Cyber Security Innovations is looking for a
Vulnerability Management Analyst to join our team supporting our government client. This position requires on-site support 1 day/week at our federal client's HQ located in Camp Springs, MD.
The individual will be responsible for reviewing the output of security scanning tools showing the security weaknesses across the enterprise and identifying commonalities, trends, and developing recommended remediation strategies with the goal of increasing the efficiencies in the remediation process. This individual will coordinate with System Administrators, Database Administrators, Information System Security Officers (ISSOs), and Federal Client Leads to conduct direct outreach and remediation support as well as track vulnerability remediation actions to completion. This is a unique opportunity to influence the definition and maturity of the client's internal business processes and demonstrate immediate value to the contract and client space.
Responsibilities Include
- Applying analytical and computational techniques and methodologies to identify problems and recommend solutions.
- Performing enterprise-wide strategic systems planning, business information planning, and business analysis and developing associated recommendations.
- Performing process and data modeling in support of the planning and analysis efforts using both manual and automated tools.
- Providing technical guidance in software engineering techniques and automated support tools.
- Reviewing weaknesses in Tenable.io (TIO) and other security toolsets to identify common weaknesses that are present across the enterprise and developing enterprise strategies for remediation.
- Reviewing vulnerability data from multiple sources (i.e., internal / external vulnerability scanning) across multiple technologies and a changing environment including infrastructure and applications, develop recommended remediation strategies focusing on most efficient methods.
- Assisting the client in improving and automating existing vulnerability management lifecycles.
- Partnering with security tools and technology teams in other Branches to troubleshoot and enhance and/or fine-tune application configurations to enable enhanced protections from internal and external threats.
- Assisting in providing support and resolution for scanning and vulnerability remediation reporting issues.
- Leveraging Continuous Monitoring Splunk Dashboards and other relevant data sources to correlate data and events across information systems.
- Identifying and advising on process improvements for enhancing the current toolset in support of the client's Continuous Monitoring Program to facilitate the identification and prioritization of risk, to include additional data sources, data fields, etc.
- Assisting the organization in understanding and prioritizing security risks across the enterprise and quantifying the cost of risk to the enterprise.
- Coordinating with the Enterprise Information System Security Officer (ISSO) to understand weaknesses across the enterprise and document associated remediation strategies and milestones in the form of Plans of Action & Milestones (POA&Ms).
- Providing analysis and validation post remediation, identifying opportunities for improvements and out of the box thinking for optimization and addressing blockers.
- Reviewing data feeds, understanding and identifying risk/ impacts, and reporting on critical weaknesses affecting the enterprise.
- Correlating weaknesses documented as system level POA&Ms to determine the need for the creation of Program Level POA&Ms.
Required Skills, Qualifications, And Experience
- Must be a US Citizen with suitable eligibility for Public Trust position.
- Bachelor's degree in a related field.
- Must have and maintain at least one of the following certifications: CASP, GSEC, GSLC, CISSP, CEH, CISM, CISA.
- Must reside within a commutable distance of Camp Springs, MD in order to work onsite 1 day/week.
- Demonstrated understanding of a variety of technical concepts with focus on cloud computing, automation, networking, systems administration, application development, and information security best practices.
- Previous experience developing, maintaining, administering, and/or evaluating cloud solutions in AWS East/ West, MS Azure GovCloud, MS Office 365, and/or Google Services.
- Previous experience developing, maintaining, administering, and/or evaluating technology solutions built using Windows, CentOS, Red Hat Enterprise Linux Server, ExtremeXOS, and/or Ubuntu.
- Previous experience using one or more of the following tools: Tenable.io, Nexus IQ Server, Splunk Enterprise v 7.3 and higher, PrismaCloud, CloudCheckr, etc.
- Previous experience analyzing data from security scanning tools such as Tenable.io, Qualys Guard, Acunetix, Frontline, Nexpose, etc.
- Ability to work efficiently and effectively in a dynamic and fast-paced environment.
- Working knowledge of the NIST SP 800-37 Risk Management Framework.
- Works well independently and possesses a solid understanding of cyber security concepts.
- Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations.
- Ability to adapt to an Agile environment and provide quality, professional deliverables in a short timeframe with little to no guidance from the Government.
- Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client.
- Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints.
- Possess strong analytical and critical thinking skills with the ability to apply them to the client/ contract workspace.
- Ability to clearly communicate complex technical concepts to Information Technology Project Managers, Database Administrators, Application Developers, and Security Compliance Analysts, as well as non-technical POCs such as Branch Chiefs and Business System Owners.
Desired Skills, Qualifications, And Experience
- AWS, Azure or Google Cloud Certification (Preferred).
Cyber Security Innovations (CSI) is an equal opportunity employer committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. As a veteran-friendly employer, we encourage military veterans to apply.
This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. CSI makes hiring decisions based solely on qualifications, merit, and business needs at the time.
CSI participates in the E-Verify Employment Verification Program.
Salary: $120000 - $140000 per year
Job Posted by ApplicantPro