Overview
Skills
Job Details
*SHIP REQUIRED*
*ACTIVE US DOD TOP SECRET CLEARANCE OR HIGHER REQUIRED - CANDIDATES WITHOUT AN ACTIVE TOP SECRET CLEARANCE ARE NOT ELIGIBLE*
*THIS IS AN ON-SITE POSITION*
*RELOCATION ASSISTANCE MAY BE CONSIDERED*
DESCRIPTION OF POSITION/DUTIES:
All Points is seeking a Cleared Cyber Security Engineer Vulnerability Analyst to join our team at Offutt AFB in Omaha, Nebraska. Vulnerability Analyst within the Cyber Security Engineering (CSE) team are responsible for providing Cyber Security support to USSTRATCOM operations and various organizational functions through cyber security analysis of system vulnerabilities and artifacts. Ensures the implementation of the Risk Management Framework (RMF), through the required government policy, make recommendations on process tailoring, participate in and document process activities. Document the results of Assessment and Authorization (A&A) activities and coordination activity to support System Security Plans (SSP) and Plan of Actions and Milestones (POA&Ms).
Serve as a vulnerability analyst conducting vulnerability analysis, assessments, mitigations, and POAM expertise across multiple enclaves providing support to the customer in the area of Cybersecurity and Operations.
Job Responsibilities:
- Use network analysis tools to perform vulnerability correlation, prioritization, and tasking of findings discovered in scans and vendor bulletins supporting the Vulnerability Management Program
- Develop, maintain, and track reports that identify technical and procedural findings to facilitate recommended remediation strategies/solutions through POA&Ms and RMF workflow process.
- Proactively monitor vendor advisories and the DoD Cyber Tasking Orders (CTO) process to perform vulnerability/risk management analyses in support of Assessment & Accreditation (A&A) activities
- This analyst position will help to ensure the implementation of the Risk Management Framework (RMF), make recommendations on process tailoring, participate in and document process activities, and assist with the results of Assessment and Authorization (A&A) activities.
Daily tasks include, but are not limited to:
- Using the Tenable Assured Compliance Assessment Solution (ACAS) tools including Security Center and Nessus to perform vulnerability correlation for findings discovered in scans and vendor bulletins supporting RMF requirements for Vulnerability Management
- Create, assign and help prioritize tasks within BMC Remedy to remediate vulnerabilities discovered during vulnerability scans and from vendor bulletins in support of the Vulnerability Management Program.
- Utilize vulnerability management resources such as JFHQ-DODIN IAVMs, National Vulnerability Database (NVD), and Common Vulnerabilities & Exposures (CVE) database to research vulnerabilities.
- Research vulnerabilities through web-based recourses to include: Adobe Security Advisories, CISA Known Exploited Vulnerabilities Catalog, Cisco Bug ID, Cloud Security Alliance, Mozilla Security Advisories, MSRC, National Vulnerability Database, Open Web Application Security Project, Oracle Security Alerts and Bulletins, Palo Alto Networks Security Advisory, Red Hat CVE Database, Tenable, VMSA, Zero Day Initiative
- Provide in-depth analysis on vulnerabilities to leadership when required including information such as: vulnerability summary, risk assessment, and potential mitigating actions
- Exercise knowledge of installation, maintenance, and upgrade techniques for Operating Systems and applications for server and client environments to identify security vulnerabilities
- Perform data analysis and assessment of metrics to determine security posture; briefs data to partners/leadership
- Actively track and report Zero-Day status to stakeholders in-line with Directorate daily reporting requirements
- Understand, adhere to, and implement overall cyber security and configuration policies and procedures in alignment with industry standard security compliance framework
- Work directly with system/enclave Information System Security Managers (ISSMs), Program Managers (PMs), Security Control Assessors (SCAs) and other security teams on security related issues regarding assigned projects
- Utilize and navigate Microsoft products such as Word, Excel, and SharePoint in carrying out daily tasks
EDUCATION:
- Ideally have/seeking degree with focus on information/cyber security
YEARS OF EXPERIENCE:
- 3 - 8 Years
SKILLS/CERTIFICATIONS:
Required Certifications:
- CompTIA Security+ within the first 120 days of employment (ideally by start date)
- Maintaining or actively pursuing DoD 8570 certifications in IAT or IAM-focused certification (CAP/CGRC, CYSA+, CEH, CISM, CISSP, GIAC, etc.).
Additional Desired Experience:
- Tenable Nessus - Assured Compliance Assessment Solution (ACAS)
- Information Assurance Vulnerability Management (IAVM) Program Management
- Risk Management Framework (RMF)
- BMC Remedy
- Any experience utilizing DOD approved cybersecurity monitoring solutions and tools, as well as experience in one or more of the following technologies: UNIX Operating System; RHEL Operating System; Windows Operating Systems
- SQL and Oracle Databases
- CISCO IOS
- Containerized Platforms
SECURITY CLEARANCE:
- FULL UNITED STATES CITIZENSHIP REQUIRED
- ACTIVE AND CURRENT US DoD TOP SECRET CLEARANCE (OR HIGHER) REQUIRED and special access.
Positions with All Points are Full-time, Direct, and we offer a full benefit package. For more information, please visit our Career Portal.
ALL POINTS IS AN EQUAL OPPORTUNITY AND AFFIRMATIVE ACTION EMPLOYER