Cyber Security Analyst - MID

Job Description: 

Novetta is looking for an information technology analyst for a cybersecurity team which performs vulnerability analysis for a customer with a complex network featuring over 100,000 endpoints. The objectives of the team are to assist the enterprise with vulnerability management and to provide tailored remediation strategies to stakeholders in order to improve the overall cybersecurity posture of the organization. In this role, you will assist a small team in vulnerability identification and prioritization for stakeholders at all levels across the enterprise. This will include analysis of high-profile and high-impact vulnerabilities, zero-day threats, the creation and execution of mitigation strategies, and liaising with various IT stakeholders to coordinate implementation of such strategies.

Further aspects of this role will involve:

• Assisting enterprise efforts on cybersecurity assessments, and coordinating and executing remediation and mitigation strategies;
• Preparing reports and conducting briefings for senior leadership related to both routine and high-profile vulnerability analysis;
• Developing and perform high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, policy compliance, and vulnerability analysis of the overall enterprise security posture;
• Communicating recommendations to the responsible parties, and subsequently engaging in both tracking and verification of their remediation efforts;
• Interfacing with cybersecurity product vendor support teams to keep abreast of developments within products currently in use;
• Documenting team processes for use in internal Standard Operating Procedures (SOPs), and other on-the-shelf documentation of processes for future team reference;
• Building working relationships to effectively complete the mission, while acknowledging and respecting stakeholder needs and requirements;
•  Both formulating new and adjusting existing information security metrics for the purpose of analysis and greater enterprise security posture awareness; and consultation and support to other parties concerning Computer Network Defense (CND),  often on an ad hoc basis, as necessary for the mission.

Basic Qualifications:

• Bachelor’s Degree or equivalent years of experience in a relevant field (e.g. Cybersecurity, Information Technology, or Computer Science);
• Minimum two (2) years of experience in information security, information technology, or related field;
• Experience with traditional Blue Team or Red Team network security activities, and the performance of cyber risk assessments through correlating known vulnerabilities, understanding the threat environment, and prioritizing to mitigate risk to network assets;
• Effective written and verbal communications skills to prepare and present security assessment results to stakeholders, and to further build relationships with them;
• Demonstrated ability to review publicly-disclosed vulnerabilities, determine their relevance for the Department, asses impact to Department systems, and recommend appropriate remediation actions to relevant stakeholders and leadership;
• Working-level proficiency in Splunk, or other enterprise-level data aggregation tools (the ability to execute basic queries, create reports and dashboards);
• A demonstrated understanding of the Lockheed Martin Cyber Kill Chain, MITRE Attack Framework, and relevant threat actors as part of demonstrating understanding of the cyber threat landscape;
• A demonstrated ability to review vulnerability and security configuration compliance scan results, highlight relevant findings, identify impact, and recommend next steps for remediation;
• Some familiarity and understanding of networking hardware security configurations–specifically with regard patch cycles and security configurations compliance

Desired Qualifications:

• Security+ and/or Network+ certification;
• Some experience or familiarity with NIST Special Publication 800-53, cybersecurity policy development as influenced by NIST documentation, and CVE (Common Vulnerabilities and Exposures) standards;
• Experience with project management to ensure stakeholders remain on schedule with patching and policy compliance to improve overall network security posture

Security:

• Active Secret clearance required
• Top Secret security clearance preferred

Novetta, from complexity to clarity.

Novetta delivers highly scalable advanced analytics and secure technology solutions to address challenges of national and global significance. Focused on mission success, Novetta pioneers disruptive technologies in machine learning, data analytics, full-spectrum cyber, cloud engineering, open source analytics, and multi-INT fusion for Defense, Intelligence Community, and Federal Law Enforcement customers. Novetta is headquartered in McLean, VA with over 1,300 employees across the U.S. 

Our culture is shaped by a commitment to our core values:

Integrity • We hold ourselves accountable to the highest standards of integrity and ethics.

Customer Success • We strive daily to exceed expectations and achieve customer mission success.

Employee Focus • We invest in our employees’ professional development and training, respecting individuality, and fostering a culture of diversity and inclusion.

Innovation • We know that discovering new and innovative ways to solve problems is critical to our success and makes us a great company.

Excellence in Execution • We take pride in flawless execution as we build a company that is best in class.

Earn a REFERRAL BONUS for the qualified people you know.  

For more details or to submit a referral, visit bit.ly/NovettaReferrals.

Novetta is an equal opportunity/affirmative action employer.

All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.