GDIT

Returning Candidate?

Vulnerability Management Analyst

Vulnerability Management Analyst

Requisition ID 
2017-33700
# of Openings 
1
Job Location 
USA-FL-Hurlburt Field
Job Function 
Information Technology
Security Clearance Level 
Secret
Full/Part Time 
Full Time

More information about this job

Job Description

The Vulnerability Management Analyst - Information System Security Manager (ISSM) will work closely with the Cyber Security Team – to support multiple programs and Air Force and USSOCOM connected systems through the vulnerability management and Risk Management Framework (RMF) process. They will be responsible for maintaining configuration items and executing functions on the vulnerability management platform, which includes but not limited to ACAS & Source Code scans, STIG Validation in support of DISA, DoD, USSOCOM, and USAF guidelines and proactive vulnerability detection. They will be responsible for composing essential documentation (procedures, scanning reports, remediation reports, etc.), providing analysis and metrics on vulnerabilities, and driving remediation of vulnerabilities throughout the organization. The ideal candidate has a background in Systems Administration or Systems Engineering, has a strong systems security mindset, is very detailed oriented with strong written and oral communication skills.

Knowledge, Skills and Abilities

  • 3+ Years of Information Security Experience, working with Vulnerability management tools
  • Demonstrated knowledge of Systems Administration/Engineering with proficiency in analyzing systems designs with a systems security mindset
  • Strong knowledge of threats and vulnerabilities associated with cloud and on-premise network security
  • Demonstrated ability to work effectively in an ambiguous environment
  • Strong oral and written communications skills
  • Strong analytical and problem-solving skills and proactive thinking skills
  • High-level familiarity with Vulnerability Management tools such as ACAS, SCAP, and SCCM.
  • Moderate- to high-level familiarity with RMF input and validation tools such as eMass and XACTA.
  • Basic level familiarity with DoD, USAF, USSOCOM, and other Cyber Security Regulatory Compliance bodies
  • Familiarity with basic networking protocols (e.g., TCP/IP, UDP, etc.)
  • Familiarity with basic concepts of Penetration Testing (e.g., Penetration Test Execution Standards (PTES, Black Box Pen Testing, etc.) to include use of the more popular tools (e.g., metasploit, Nmap, etc.)
  • Ability to oversee and/or perform the development, maintenance, and continual improvement of the vulnerability management platform, processes, and technical assessment support
  • Ability to drive automation of vulnerability management platform and processes
  • Demonstrated understanding of infrastructure and cloud vulnerability scanning
  • Understanding of how to classify and prioritize the risk of new vulnerabilities based on the operating environment
  • Ability to develop and maintain metrics and reports on vulnerability findings and remediation compliance
  • Facilitate proactive remediation of new vulnerabilities by collecting information from threat and vulnerability feeds, analyzing the impact/applicability to our environment and communicating applicable vulnerabilities and recommended remediation actions to the impacted teams
  • Provide technical support to system and technology owners to propose mitigation and remediation solutions
  • Assist with routine compliance and audit functions to ensure regulatory scanning requirements are satisfied
  • Document and report on processes and procedures
  • Provide input to leadership for enhancing the vulnerability management strategy
  • Stay current on security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats to the organization by attending conferences, networking with peers and other education opportunities
  • Sense of urgency to address new technologies being deployed: Continuous development of infrastructure and cloud vulnerability expertise to function as subject matter expert in multiple technical or business disciplines;
  • A Cyber Security Team team-player contributing to policy development, RMF package accreditations, and Tempest requirements

Education

Bachelors Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.

 

DoD 8570 IAM III Level Certification Required (CISSP, CISM, GSLC)

 

SSCP, GIAC Security Essentials Certified Ethical Hacker (CEH), and other security related certifications a plus

Qualifications

5-8 years of related experience in data security administration.

The work is performed in an office and lab environment

Must be able to obtain a passport for OCONUS travel, if required

Lift over 35 LBS

 

#DPOST #ISDCJ

 

As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors. With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services. GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.

Connect With Us!

Not ready to apply or just want to stay informed on various career opportunities and events at ARMA, a General Dynamics company? Join one of our Talent Communities today!