Security Risk Assessor & Vulnerability Management Analyst

Full-time
Telecommuting not available. Travel not required.

Job Description

NETE is seeking a Security Risk Assessor and Vulnerability Management Analyst who will be a key member of a consulting team providing advice and support to federal agencies in the areas of information security and assurance. This role will be primarily responsible for coordinating vulnerability/risk assessment tasks as per the guidelines provided by the National Institute of Standards and Technology (NIST).


Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
Support authorized penetration testing on enterprise network assets.
Prepare reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
Perform vulnerability and risk analyses and measure effectiveness of controls against known vulnerabilities.
Work with stakeholders to manage risks and vulnerabilities.
Perform technical evaluation of technology and non-technical evaluation of people and operations.
Perform impact, risk, and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, supporting infrastructure, and applications).
Identify systemic security issues based on the analysis of vulnerability and configuration data.
Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
Ensure remediation plans are in place for vulnerabilities identified during risk assessments, audits, and inspections. Provide clear updates to management on vulnerabilities. Investigate, document, and report on status and emerging trends.
Maintain up-to-date vulnerability profiles, including respective detection and countermeasures.
Participate in industry task forces and work groups, where appropriate, to stay up to date on current and emerging vulnerabilities.

Location: Rockville, MD

Bachelor’s degree in Management Information Systems and Security, Computer Science, or related discipline. Master’s degree preferred.
Industry standard GRC certifications CRISC or GRCP, preferred but not required.
Minimum 4 years’ experience in Information Security, required.
Minimum 2 years’ hands-on experience in at least 3 of the following areas:

Risk management frameworks and processes.
Application of cybersecurity principles used for managing risks.
Use of cyber defense and vulnerability assessment tools and their capabilities.
Collecting, organizing and analyzing information from alerts, advisories, and bulletins.
Use of industry standards and widely accepted analysis principles and methods.
Information technology (IT) risk management policies, procedures and operations.

Must have knowledge of:

Risk management processes such as methods for assessing and mitigating risk.
Cybersecurity principles, security models, organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation), cyber threats, risks and vulnerabilities, cryptography and cryptographic key management concepts, host/network access control mechanisms (e.g., access control list), network access, identity, and access management (e.g., public key infrastructure [PKI]), computer networking concepts and protocols, and network security methodologies.
Basic system administration, network, and operating system hardening techniques.

Experience in policy and procedure development, report writing and presentations, preferred.
Must be able to communicate complex technical issues clearly and in simple terms, both orally and in writing, to a wide audience.
Strong interpersonal skills, excellent attention to detail, and analytical skills.
Must be able to exercise discretion and maintain confidentiality.
Applicants selected will be subject to a Public Trust background security investigation and may need to meet eligibility requirements for access to sensitive information. US Citizens or Permanent Residents preferred.

NETE is a multi-award-winning company that offers a collaborative working environment where growth is encouraged and nurtured. In addition, we offer competitive salaries that may include performance bonuses, and a comprehensive benefits package.

NET ESOLUTIONS CORPORATION (NETE) uses E-Verify to validate all new hires' ability to legally work in the United States.

NET ESOLUTIONS CORPORATION (NETE) is an equal opportunity employer and supports workforce diversity. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, age, sex, disability, genetic information, sexual orientation, gender identity, pregnancy, childbirth or related medical condition, marital status, veteran status or any other characteristic protected by law in terms, conditions and privileges of employment.

NETE is an Employer of National Service and encourages alumni of AmeriCorps and Peace Corps to apply for positions at our organization.

Disclaimer: The above description is intended to describe the general nature of work and level of effort being performed by individuals assigned to this position or job description. This is not to be construed as a complete or exhaustive list of all skills, responsibilities, duties, and/or assignments required. Individuals may be required to perform duties outside of their position, job description, or responsibilities as needed.

Dice Id : 10203295
Position Id : 351