Vulnerability Management Analyst
Falls Church, Virginia, United States
OVERVIEW: OVERVIEW: phia LLC is seeking a skilled vulnerability management analyst to join our team of qualified, diverse individuals. The position supports one of the largest and most complex logistics organization in the world with over 600,000 users, 600+ applications and large IP enabled footprint with a diverse set of computing technologies in play. This position will be located in Falls Church, VA or Eagan, MN (Full/frequent remote during the pandemic).
DUTIES: Provide technical insight to deliver vulnerability analysis of a wide breadth of technical vulnerabilities across a world class enterprise. This role is action and solution oriented with an emphasis on Tenable Nessus - vulnerability management solutions and capabilities.
- Conduct analysis and actions around the enterprise vulnerability management solutions across a large and diverse environment (600K+ users, 600+ applications, large IP enabled footprint)
- Ability to work within Tenable Nessus and Splunk for vulnerability management to triage, analyze and coordinate remediation actions or notifications
- Working experience with other vulnerability management scanners and technologies applicable such as Rapid7, Qualys, Nessus, etc.
- Working knowledge of scripting and shell/PowerShell knowledge is useful, but not required
- Experience working with ticketing and workflow solutions such as ServiceNow, Jira, Remedy, etc.
- Collaborate with business and IT staff to understand strategic and tactical business, application or service requirements then translate those into vulnerability analysis and management solutions
- Provide guidance and inputs to determine, develop, plan, test, and implement vulnerability management protection and security requirements for the enterprise
- Provide complex technical guidance, oversight, and enforcement of security directives, policies, standards, plans, and procedures
- As required develop documentation including security-focused operational procedures and training materials
- Provide guidance on integrating government or commercially mandated security controls into Tenable Nessus - Vulnerability Management system
- Develop and present status / metrics / KPIs to management
- Identify roadblocks and propose effective solutions
- Candidates with experience in Tenable - Vulnerability Management or similar solutions: Qualys, eEye Retina, Rapid7, etc.
- 3-8+ (determines seniority level) years of proven experience improving enterprise Tenable - Vulnerability Management (or similar VM solutions)
- 3-8+ (determines seniority level) years of experience in systems administration or operations of Tenable - Vulnerability Management
- 3-8+ (determines seniority level) years of experience in integration, scripting/coding development and configuration of Tenable - Vulnerability Management
- Understanding of technical fundamentals with TCP/IP, DNS/HTTP/SMTP, OSI model, operating systems, web applications, databases, mobile applications, virtualization, cloud and other core IT disciplines
- Bachelor’s degree in a technical field required or equivalent experience (i.e. 4 years for bachelors, 2 years for masters)
- Experience operating and analyzing outputs of vulnerability management solutions, especially Tenable Nessus
- Experience coordinating VM services in large enterprises:
- Ability to propose and implement creative solutions around security Tenable Nessus - Vulnerability Management
- Cross-functional understanding of Tenable - Vulnerability Management operations, security practices and the user experience
- Good communication skills, both oral and written
- Background with exposure to more advanced experience in programming or scripting (e.g. Python, Java, C#, C/C++, PowerShell, Perl, Shell Scripting)
- Related certifications: CISSP, CEH, SFCP, GCIA, ISSEP, ISSMP, GCIH, GCFA, CSLC, CISM, CCNA, CCNP, product specific certifications or training Tenable - Vulnerability Management
WORK SCHEDULE: Core Hours (8am-5pm; start/stop times flexible)
TRAVEL: <5 %
TELEWORK ELIGIBILITY: Full/frequent remote during the pandemic
SECURITY REQUIREMENTS: Ability to obtain Public Trust or higher
phia, LLC is a Northern Virginia based, 8a certified small business that was established in 2011. We focus on the full spectrum of disciplines within the cyber, intelligence, and technology arenas.
We support mission-critical teams within various agencies and offices within the Federal government, including Civilian, Defense, Law Enforcement and Intel. We like to describe phia as truly by technical people and for technical people. phia’s founders wanted to create an employee-centered culture, where we care about the people as much as the mission.
Our goal is to continue to hire talented and passionate team members, who desire to grow their skillsets as well as the reputation of the company with our partners, clients and stakeholders. With this goal in mind, we invite you to apply for positions, even if you don't meet the desired years of experience listed in our position descriptions. We are more interested in intellectually curious individuals with the ability to work autonomously and with teams. If your experience does not match our exact requirements of a position but you are otherwise an awesome candidate, we will work hard to find a position that suits you.
Our company culture is unique; we consider everyone on the team a part of the “phia phamily”. We make great efforts to foster cohesiveness through one-on-one interactions, professional mentoring, and group outings. In short, our leadership team is personally invested in each employee. phia offers a rewarding environment with talented & passionate people.
phia offers excellent benefits for full time W2 candidates to enhance the work-life balance, these include the following:
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Life Insurance
- Short Term & Long-Term Disability
- 401k Retirement Savings Plan with Company Match
- Paid Holidays
- Paid Time Off (PTO)
- Tuition and Professional Development Assistance
- Flex Spending Accounts (FSA)
- Parking Reimbursement
- Monthly Payroll