The Vulnerability Analyst is responsible for performing vulnerability assessments and penetration testing, and supports Department-level risk assessment and risk-based decision making. Specific responsibilities include:
Serve as vulnerability management analyst as primary responsibility
Review Plan of Action and Milestone (POAM) data with PMO Branch
Perform information system security vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information system components
Perform compliance scanning to analyze configurations and facilitate implementation of configurations and hardening settings for networks, operating systems, applications, databases, and other information system components
Engage with stakeholders, to include IT professionals, management, and auditors, to facilitate vulnerability discovery and remediation
Recommend appropriate remedial actions to mitigate risks and ensure information systems employ appropriate level of information security controls
Validate remedial actions and ensure compliance with information security policy and regulatory requirements
Assist in development and implementation of information security vulnerability management policies, procedures, and standards based on National Institute of Standards and Technology (NIST) 800-53 standards, best practices, and compliance requirements
Perform vulnerability management system administration functions, as required
Maintain proficiency in threat and vulnerability management best practices
Required Skills and Certifications:
Secret Clearance is the minimum. Top Secret a plus
7-10 years' experience or certifications in lieu of experience
At least 3-5 years' experience conducting vulnerability assessments.
Expertise in vulnerability management processes and network and web vulnerability scanning.
Required experience with HP WebInspect v10.x.
Desirable hands-on experience with Tenable Nessus
Configure vulnerability assessment tools to perform vulnerability scanning on enterprise network.
Experience scanning web applications hosted internally and externally.
Experience troubleshooting issues arising from vulnerability scanning and serving as technical expert for vulnerability assessment tools.
Experience generating Vulnerability Management metrics and reports.
Familiarity with CSAM preferred
CEH, GIAC, Security+, other related certs
Desired Skills and Certifications:
Ability to draft reports and brief the customer on findings
Top Secret Clearance
Please visit our website for more info regarding Foxhole Technology open positions and our benefits. We offer excellent benefits and professional development opportunities.
We sincerely appreciate your consideration of Foxhole Technology
Foxhole Technology is a Service-Disabled Veteran-Owned Small Business (SDVOSB) headquartered in Fairfax, Virginia.
Secret Security Clearance required, with capability to acquire Top Secret Clearance