Senior VAT Analyst

Leidos has an immediate need for an experienced Vulnerability Assessor for a new customer on a highly-visible and strategic Cybersecurity Task Order. The VAT Analyst will need to be a self-starter with excellent analytical and problem-solving skills, flexibility, good judgment, and the ability to work within a team to stand up and mature the cybersecurity capabilities of our customer

Primary Responsibilities:

• Provide policy guidance for 4300A updates.
• Create and maintain SOPs and guidance documents as needed.
• Provide training to new VAT personnel as needed.
• Provide Swimlane admin assistance for FISMA List maintenance.
• Deliver all requested work products by agreed upon due dates and deadlines
• Create and publish security related alerts, bulletins, and notifications to all DHS components based on identified software and hardware vulnerabilities and monitor for compliance.
• Continuously perform and distribute research on emerging threats to the environment in order to disseminate the information to all stakeholders, immediately assess the known environment for presence of the vulnerability, and work with the NOSC and enterprise networking teams to proactively block exploitation within the DHS environment.
• Support Vulnerability Tracking and Reporting.
• Support NOSC enclave, HSEN, and RTIC through conducting scheduled and ad-hoc vulnerability scanning.
• Employ ad-hoc or emergency VA scanning to support targeted incident investigation, escalation and emergency response to security events in accordance with documented procedures.
• Coordinate with Component security staff to explain findings, provide recommendations on mitigations, and advocate for mitigation of vulnerabilities.
• Conduct, operates, and maintains assessments and the resulting Vulnerability Assessment (VA) data and reports.
• Conduct Host-based and Network Vulnerability Assessments.
• Conduct Database Vulnerability Assessments.
• Conduct Web-based Vulnerability Assessments.

Basic Qualifications

BS degree in Science, Technology, Engineering, Math or related field and 8-12 years of prior relevant experience with a focus on cybersecurity OR Masters with 4-6 years of prior relevant experience. Additional years of experience may be considered in lieu of a degree and cyber certifications.

• At least two years of direct experience in vulnerability assessment/management.
• Familiar with the management, operational, and technical aspects of IT Security in a complex environment. 
• Experience working with industry-standard cybersecurity methodologies and processes
• Advanced knowledge of TCP/IP protocols
• Experience configuring and implementing various technical security solutions,
• Substantial experience managing vulnerability/compliance scans using Nessus
• At least one of the following certifications:

SANS GIAC: GCIA, GMON, GCDA GPEN, GEVA, GWAPT, GSNA, GISF, GAWN, GXPN, GWEB

Offensive Security: OSCP, OSCE, OSWP, OSEE

ISC2:  CISSP

EC Council: CEH

• Department of Homeland Security (DHS) Entry on Duty (EOD) is required to support this program

Preferred Qualifications

• Previous experience working in a DHS or other federal government agency SOC/NOC/NOSC environment
• Familiarity or experience in Intelligence Driven Defense, Cyber Kill Chain methodology, and/or MITRE ATT&CK framework.

Original Posting Date:

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.