Job Description
ECS is seeking an Analyst Mid to work in Windsor Mill office.
Position Responsibilities:
The Mid Vulnerability Analyst will support a wide array of information systems and security technologies in a highly federated government environment. The ideal candidate for this position is a fast learner with vulnerability management experience. This role is vital for the continuous identification, assessment, and prioritization of vulnerabilities using network management and vulnerability scanning tools (e.g., Dbprotect, Tenable Security Center, Forescout, Invicti). The ideal candidate will conduct a thorough analysis of vulnerabilities identified by cybersecurity tools and prioritize them effectively according to the risk they pose to the organization, specifically by assessing the potential impact on the organization if exploited, and the likelihood of exploitation.
Other responsibilities include but are not limited to:
Develop reports utilizing network and vulnerability management tools and a Security Data Lake to detect and evaluate vulnerabilities.
o Correlate threat telemetry from various sources through the enterprise environment.
o Generate regular reports on vulnerability management activities, including progress, risk reduction, and key performance indicators. Provide insights to leadership on the organization's vulnerability landscape.
o Collaborate with system owners and support teams to validate findings and provide vulnerability information to stakeholders.
o Perform detailed examination of reported vulnerabilities to discern and diminish false positives, ensuring that the organization's resources are accurately targeted.
Systematically, prioritize vulnerabilities, ranking them not only by their technical severity but also by their relevance to the organization's unique environment and potential business impact.
o Work to analyze and create Cyber Hygiene reports to assist with agency compliance and prioritizing remediation efforts.
o Scrutinizing disclosed vulnerabilities from external security researchers, verifying their legitimacy, assessing severity, exploitation complexity, and
potential impact
o Use insights derived from our security data lake to conduct analysis, supporting the development of improved security measures.
o Generate management reports on vulnerability management activities, including progress, risk reduction, and key performance indicators geared to providing insights to leadership on the organization's vulnerability landscape.
Collaborating with pertinent government leads and technical teams to apprise, notify, and aid in mitigating identified vulnerabilities.
o Collaborate with incident response tickets related to disclosed vulnerabilities, encompassing ticket development, updates, and closure, focusing exclusively on security incidents reported in our Enterprise Application.
Stay up to date with the latest security threats and vulnerabilities to respond quickly to potential risks.
Generating and maintaining comprehensive records and reports of all disclosed incidents, vulnerabilities, actions taken, and outcomes, including trend analysis, response efficacy, and program maturation recommendations.
Demonstrating extensive proficiency in current and emerging cybersecurity threats and incident response, staying abreast of evolving threats, security trends, and industry best practices to accurately validate, categorize, and offer program enhancement suggestions.
Salary Range: $100,809.00 - $123,211.00
General Description of Benefits: Benefits Link
Required Skills
Job Requirements:
2 to 4 years of progressive Cyber Security experience identifying, analyzing, and communicating cyber threat and vulnerability information
Experience applying threat and vulnerability analysis models (e.g. Mitre ATT&CK Framework, and the Common Vulnerability Scoring System (CVSS)).
Proven experience working in a large and complex network.
Experience performing vulnerability assessments or penetration testing.
Ability to obtain a security clearance.
Bachelor's degree or equivalent in a computer-related field.
Desired Skills
Certifications/Licenses:
Security +, Network +, and/or CCNA are a plus.
Preferred Experience:
Knowledge of basic networking protocols including TCP/IP, UDP, HTTP/HTTPS, SSH, DNS, SSL/TLS.
Experience using the following tools/applications: JIRA, Service Now, Nessus Tenable Security Center, ForeScout, Splunk, Invicti (formerly Netsparker)
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
- Dice Id: 10112MAN
- Position Id: 3406
- Posted 2 hours ago
Never miss an opportunity! Create an alert based on the job you applied for.
