Vulnerability and Threat Analyst

Location: Alexandria, VA
Date Posted: 05-02-2018
Location: Alexandria, VA 22315  
Clearance Required: Must have Active Secret, will support up to a TS/SCI
Certifications: Must be DoD 8570 IAT II and CSSP-A compliant
Specific duties include:
  • Perform vulnerability scans and audits on USCG sites’ systems to support CCRIs as the USCG technical representative
  • Perform vulnerability scans on USCG public-facing website applications and report results to developers for remediation and/or mitigation
  • Maintain and administer enterprise-wide ACAS system, performing vulnerability scanning and reporting
  • Utilize automated scanning tools and a host of security-related, web based applications, to report, identify and track assets’ vulnerabilities throughout the systems lifecycle
  • Ensure information assurance for devices on the Enterprise Networks (SIPR & NIPR) utilizing tools such as Assured Compliance Assessment Solution (ACAS), Tenable Nessus, HBSS, and Continuous Monitoring and Risk Scoring (CMRS)
  • Conduct operating system, application, and database vulnerability assessments on various Information Systems as part of the Independent Verification and Validation scanning program and Certification and Accreditation process for enterprise systems
  • Conduct vulnerability and compliance scans, resolve connection and access issues to ensure accurate scan data, analyzes vulnerability assessment data, creates reports, supports USCG Command Cyber Readiness Inspections (CCRI), and assists the Blue Team security assessment efforts
  • Perform Tenable Security Center and stand-alone Nessus Web Client administration; routine software/hardware maintenance
  • Provide ACAS customer support for the entire USCG organization; create and manage ACAS user accounts, monitor reoccurring monthly scans, configure Security Center asset lists, scan policies, reports and unique dashboards highlighting critical vulnerabilities and provide trend analysis; troubleshot and resolve customer issues and/or concerns, and provide ACAS training
  • Analyze network security posture, implement various Information Assurance (IA) security controls, DISA Security Technical Implementation Guidelines (STIG), DHS directives, NIST security configuration checklists and security updates to systems and software to meet United States Cyber Command (USCYBERCOM) Information Assurance Vulnerability Management (IAVM) alert Communications Tasking Orders (CTO) and DHS Information Security Vulnerability Management (ISVM) alerts and policies; Create vulnerability risk assessment reports providing justification for USCG sites Authority to Operate (ATO) in accordance with FISMA and C&A requirements to include: DoD IAVM and Task Order compliance tracking through the Vulnerability Management System (VMS)
  • Manage Tenable’s SecurityCenter and Nessus software used for the DoD Assured Compliance Assessment Solution (ACAS)
  • DoD and DHS experience is desired but not required
  •  Must be proficient with ACAS, HBSS, Nessus, MS Office
  • Must be a team player, eager to assist colleagues and government staff with handling evolving priorities and multiple tasks
  • Must have the ability to work in a dynamic environment and meet projected suspense dates
  • Up to 10% travel is required.
  • Clearance: active DoD Secret Clearance
  • Certifications: Must be DoD 8570 IAT II and CSSP-A compliant.
  • Years of Experience: 5 years of  IT experience required
this job portal is powered by CATS