Senior Vulnerability Management Analyst
XOR Security is currently seeking talented, experienced Vulnerability Assessment Analysts for an exciting position supporting one of our premier clients. Our project is aimed at establishing cutting-edge techniques for network defense, identifying threats and detecting malicious activity using advanced toolsets. The ideal candidate will have experience with Vulnerability Assessment/Analysis, Security Controls Assessment, Continuous Monitoring, Continuous Authorization, and FedRAMP assessments and will keep up-to-date on emerging trends in the cyber security field.
Washington D.C., USA
Skills and Qualifications:
- An industry certification such as CASP, CAP, CISSP, CISM, GSEC, GMON, Security+
- 7 years of experience in Information Assurance
- Bachelor’s Degree in Computer Science, Computer Engineering, Information Systems or equivalent experience.
- Leverage enterprise scanning applications or tools approved by the government to complete this task. The vulnerability management support will require the Contractor to provide routine and ad-hoc automated vulnerability scans, scans in support of audits, scan result analysis, and validation scans of remediated vulnerabilities identified during Vulnerability Assessment & Penetration Testing engagements.
- Support vulnerability scans of information systems that are on-premises and hybrid cloud systems as necessary
- Support scanning and testing at the application and database level and shall refine and mature scanning metrics and thresholds to positively affect program maturity
- Work with system owners, system administrators and ISSOs to define the scope, develop a test plan, and rules of engagement as necessary
- Analyze weekly DHS Cyber Hygiene reports, facilitate remediation of findings therein, and promote comprehensive scanning coverage of all Internet- reachable IT assets
- Identify corrective actions, compensating controls, and assist with POA&M development in CSAM
- Identify mitigations for non-compliance, notify stakeholders of compliance issues and, where required, perform these mitigations
- Take into account any infrastructure challenges and make recommendations for improvements where needed. This includes third party service provider hosted Software as a Service (SaaS), Platform as a Service (PaaS) instances as well as Infrastructure as a Service (IaaS)
- Provide expertise in the review of new vulnerability technologies and capabilities and shall interact with other technology divisions to facilitate deployment
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and PUBLIC TRUST CLEARANCE REQUIRED.