Vulnerability Management Analyst

Maryland, Reston, Elkridge

Position Description

• Develop, document, and convey IAVM operational requirements to enhance capabilities to identify, track, and remediate system and network vulnerabilities for a real-time patch management capability
• Review, assess and provide remediation recommendations regarding discovered vulnerabilities and their potential impact
• Conduct research and evaluate all-source cyber intelligence to develop in-depth analysis & assessment on threats to vulnerabilities
• Perform vulnerability assessments on a recurring and ad hoc basis as needs arise using automated and manual capabilities
• Research relevant cyber-intelligence feeds and contextualize findings for specific vulnerabilities
• Monitor relevant sources for information on vulnerabilities affecting cyber assets
• Identify, analyze, and develop mitigation or remediation actions for system and network vulnerabilities
• Prioritize identified vulnerabilities based upon severity, potential operational impact, and other factors for DoD
• Utilize tracking tools to upload information for DoD component consumption and vulnerability compliance tracking
• Create situational awareness products to provide DoD components with detailed information related to vulnerabilities and appropriate mitigation strategies
• Compile daily, weekly and annual vulnerability metrics associated with affected and non-affected DoD/IC products
• Perform data analysis to ensure completeness of vulnerability scan data across the information system by comparing asset inventory sources against vulnerability scan data using query languages such as T-SQL and Kusto
• As needed, update scope definitions for vulnerability scan results by generating or modifying a T-SQL and/or Kusto query
• Generate scan data in support of (yearly) compliance audits
• Verify new feature delivery from worldwide reporting team by running queries to ensure data is complete and there are no regressions
• Update PowerBI dashboards with new insights
• Work with service teams to ensure their vulnerability remediation processes meet compliance requirements
• Present vulnerability management process to auditors/customers, supporting the audit team for the information system
• Sync with the worldwide reporting team and communicate changes with the reporting system to engineers and other stakeholders
• Operate exception management process and investigate/validate false positive detections from the vulnerability scanner
• Monitor, investigate, triage, contain, and mitigate cybersecurity alerts and incidents using Microsoft’s EDR, SIEM and CASB tools
• Perform threat and vulnerability management monitoring and provide remediation guidance
• Work with customer’s cybersecurity and IT to resolve incidents

• Five (5) years of related post-secondary education and/or experience in Information Security or Information Technology
• Bachelor’s degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline from an accredited college or university is required. Four (4) additional years of experience may be substituted for a bachelor’s degree.
• DoD 8570 Compliance. IAT Level II Certification (CCNA Security, CySA+, CND, or SSCP) required. Knowledge of Federal, IC, and DoD Information Security regulations, publications, and policy
• Data analysis using T-SQL, Kusto, or other query languages
• System and network administration to provide a foundation for working within the information system, with an emphasis on cloud computing / large scale environments
• Project/program management to identify issues, coordinate resolution, and communicate status
• Minor amounts of database administration experience to update tables/data as needed
• Experience supporting security planning, assessment, risk analysis, and risk management
• Position requires TS/SCI clearance with Full Scope Polygraph (FSP)

Type: Full-time