Title: INFO SECURITY ANALYST IV
Location: Washington, DC (onsite)
Duration: 6 months
Security clearance: Ability to obtain public trust
We are seeking a Security Engineer - Vulnerability Manager to support the mission by joining a dedicated team of cybersecurity professionals who collaborate, cooperate, and facilitate maintaining and enhancing the security posture of information systems and infrastructure. These information systems and infrastructure support the mission of managing and maintaining United States critical infrastructure (i.e. highways, bridges, roads, etc.).
Top Qualifications, Skills, Experience or Certifications:
1. Six (6) years in Cybersecurity or related Information Technology fields, Bachelors and three (5) years or more experience; Masters and one (4) year or more experience
2. Experience working with Endpoint Vulnerability Scanning solutions, specifically Tenable Nessus
3. Security+, CISSP, CISM, CISA, GCIH, OSCP, CEH, or similar certification
4. Experience with and understanding of Federal Cybersecurity requirements (i.e. FISMA, NIST 800 series, etc)
5. Solid experience in vulnerability management, risk assessment and mitigation, and comprehensive remediation actions
6. Great communications skills with the capacity to describe vulnerability management concepts to unacquainted individuals
7. Ability to collaboration and coordinate with cross-functional teams
Job Role Specific Requirements:
1. Engage with Federal Leadership and counterparts to identify endpoint vulnerabilities and provide feedback / guidance on remediation actions; Engage with system and application administrators to coordination remediation efforts to meet required timelines; Develop and enhance vulnerability identification and remediation status tracking and reporting to present cyber related risks; Engage with system and application administrators and Federal counterparts to troubleshoot issues associated with endpoint vulnerability scanning; Work Cyber related security operations ITSM (ServiceNow) assigned tickets to completion; Participate in relevant Cybersecurity and Security Operations (SecOps) meetings; Collaborate on and provide feedback to cybersecurity solutions that enhance security posture
Preferred skills and qualifications:
2. Familiarity with and foundational understanding of the Vulnerability Management lifecycle, application and technology stacks, cloud-based systems, operating systems, databases, networking, firewalls, Data Loss Prevention, Endpoint Security Software, Network Intrusion Detection and Prevention Systems (IDS/IPS) and host-based IDS and IPS and general cyber security best practices and industry standards, to include the Federal Information Security Modernization Act, the NIST Risk Management Framework and NIST Cybersecurity Framework