Senior VAT Analyst
9356 Washington, DC Non-specific Customer Site
Full Time Senior-level / Expert USD 101K - 183K
Leidos has an immediate need for an experienced Vulnerability Assessor for a new customer on a highly-visible and strategic Cybersecurity Task Order. The VAT Analyst will need to be a self-starter with excellent analytical and problem-solving skills, flexibility, good judgment, and the ability to work within a team to stand up and mature the cybersecurity capabilities of our customer
Primary Responsibilities:
- Provide policy guidance for 4300A updates.
- Create and maintain SOPs and guidance documents as needed.
- Provide training to new VAT personnel as needed.
- Provide Swimlane admin assistance for FISMA List maintenance.
- Deliver all requested work products by agreed upon due dates and deadlines
- Create and publish security related alerts, bulletins, and notifications to all DHS components based on identified software and hardware vulnerabilities and monitor for compliance.
- Continuously perform and distribute research on emerging threats to the environment in order to disseminate the information to all stakeholders, immediately assess the known environment for presence of the vulnerability, and work with the NOSC and enterprise networking teams to proactively block exploitation within the DHS environment.
- Support Vulnerability Tracking and Reporting.
- Support NOSC enclave, HSEN, and RTIC through conducting scheduled and ad-hoc vulnerability scanning.
- Employ ad-hoc or emergency VA scanning to support targeted incident investigation, escalation and emergency response to security events in accordance with documented procedures.
- Coordinate with Component security staff to explain findings, provide recommendations on mitigations, and advocate for mitigation of vulnerabilities.
- Conduct, operates, and maintains assessments and the resulting Vulnerability Assessment (VA) data and reports.
- Conduct Host-based and Network Vulnerability Assessments.
- Conduct Database Vulnerability Assessments.
- Conduct Web-based Vulnerability Assessments.
Basic Qualifications
BS degree in Science, Technology, Engineering, Math or related field and 8-12 years of prior relevant experience with a focus on cybersecurity OR Masters with 4-6 years of prior relevant experience. Additional years of experience may be considered in lieu of a degree and cyber certifications.
- At least two years of direct experience in vulnerability assessment/management.
- Familiar with the management, operational, and technical aspects of IT Security in a complex environment.
- Experience working with industry-standard cybersecurity methodologies and processes
- Advanced knowledge of TCP/IP protocols
- Experience configuring and implementing various technical security solutions,
- Substantial experience managing vulnerability/compliance scans using Nessus
- At least one of the following certifications:
SANS GIAC: GCIA, GMON, GCDA GPEN, GEVA, GWAPT, GSNA, GISF, GAWN, GXPN, GWEB
Offensive Security: OSCP, OSCE, OSWP, OSEE
ISC2: CISSP
EC Council: CEH
- Department of Homeland Security (DHS) Entry on Duty (EOD) is required to support this program
Preferred Qualifications
- Previous experience working in a DHS or other federal government agency SOC/NOC/NOSC environment
- Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.
Original Posting Date:
2024-05-24While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:
Pay Range $101,400.00 - $183,300.00The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Tags: CEH CISSP Compliance Cyber Kill Chain FISMA GCIA GIAC Government agency GPEN GSNA GWAPT GXPN MITRE ATT&CK Nessus Offensive security OSCE OSCP OSEE OSWP SANS SOC Swimlane TCP/IP Vulnerabilities
Perks/benefits: Equity / stock options Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Security Operations Engineer jobs
- Open Information Security Officer jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Product Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Penetration Tester jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Network Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Security Consultant jobs
- Open Senior Information Security Analyst jobs
- Open IT Security Analyst jobs
- Open Security Operations Analyst jobs
- Open Manager Pentest H/F jobs
- Open Information System Security Officer jobs
- Open Information Security Architect jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open Network security-related jobs
- Open Analytics-related jobs
- Open SOC-related jobs
- Open CISA-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open Vulnerability management-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs
- Open Security Clearance-related jobs
- Open APIs-related jobs
- Open CEH-related jobs
- Open Security assessment-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open Java-related jobs
- Open EDR-related jobs
- Open PowerShell-related jobs