Vulnerability Assessment Analyst

Alexandria, Virginia, United States

Applications have closed

Positions Available: 6 – FUOPS COAB Blue Team

Remote Capability: 4 Days On-Site in Alexandria, VA, 1 Day Remote Capability

Clearance Requirement: Secret or Top Secret, Active

Avint is seeking an experienced Vulnerability Assessment Analyst to support a Federal Agency contingent award starting mid to late Summer 2022. This position will perform duties related to performing penetration testing and vulnerability scans, analysis, validation and remediation activities utilizing various detection mechanism, supporting compliance management toolsets including development of automation processes and crafting solutions to engineering problems. Core competencies include: Information Systems/Network Security, Infrastructure Design, Vulnerability Assessments.

Requirements

  • Design and improve vulnerability reports, dashboards and automation workflows.
  • Connect with multiple teams in a sophisticated IT environment to resolve vulnerabilities.
  • Plan, communicate, coordinate and perform penetration tests and security assessments at application, system and enterprise levels.
  • Understand network security architecture concepts.
  • Simulate tactics, techniques, and procedures used by advanced cyber threat actors.
  • Assist with reconnaissance, threat modeling, vulnerability identification, authorized exploitation, and post-exploitation cleanup.
  • Develops automation/scripts for replicating vulnerability validation and penetration tests.
  • Perform IT security research to remain current on emerging technology trends and develop exploits for disclosed and undisclosed vulnerabilities.
  • Perform after-action reviews of all associated team efforts and products to ensure completion and accuracy of analysis.
  • Coordinate projects and initiatives within the Vulnerability Management Team.
  • Utilize automated and manual testing methods to validate vulnerability testing methods.
  • Proactive interest in emerging technologies and techniques related to penetration testing.

Technical Areas of Expertise

  • RMF Framework and Cybersecurity Framework.
  • NIST 800.53 and 800.171
  • Ability to create and operate virtual machines in different virtual environments such as VMware, vSphere, and/or others.
  • Experience using security assessment tools such as Nessus, and/or others.
  • Using COTS and GOTS software to identify vulnerabilities, assess impact and determine remediation actions based on your findings.
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
  • Knowledge and skill in the use of penetration testing principles, tools, and techniques.
  • Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • Skill in using network analysis tools to identify vulnerabilities (e.g., fuzzing, nmap, etc.)

Qualifications

  • Bachelor’s degree in a related field or technical discipline, or 7-10 years of equivalent work experience in similar roles within the DoD or Federal Government, demonstrating ability working in Vulnerability/Penetration Testing or a related Cyber Security role.
  • Security +, or another relevant IAT Level II Certification or be willing to obtain within 6 months of employment; IAT Level III: CISA or CISSP required for 2 out of the 6 open positions or be willing to obtain within 6 months of employment.
  • Experience working with large data sets and creating dashboards & reports using Splunk, PowerBI, or Tableau.
  • Solid understanding of Python or another scripting language.
  • Malware analysis or digital computer forensics experience is a plus.

Benefits

Joining Avint is a win-win proposition! You will feel the personal touch of a small business and receive BIG business benefits. From competitive salaries, full health, a unique 401K plan, and generous PTO and Federal Holidays.

Additionally, we encourage every Avint employee to further their professional development. To assist you in achieving your goals, we offer reimbursement for courses, exams, and tuition. Interested in a class, conference, program, or degree? Avint will invest in YOU and your professional development!

Avint is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity and Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class.

Tags: Application security Automation Blue team CISA CISSP Clearance Compliance DoD Exploits Forensics Malware Nessus Network security NIST Nmap Pentesting Python Scripting Security assessment Splunk SQL Top Secret VMware Vulnerabilities Vulnerability management Vulnerability scans XSS

Perks/benefits: 401(k) matching Career development Health care

Region: North America
Country: United States
Job stats:  7  2  0
Category: Analyst Jobs

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.