Vulnerability Assessment Analyst - Hybrid

Job Description:

XOR Security is currently seeking talented, experienced Vulnerability Assessment Analysts for an exciting position supporting one of our premier clients. Our project is aimed at establishing cutting-edge techniques for network defense, identifying threats and detecting malicious activity using advanced toolsets.  The ideal candidate will have experience with Vulnerability Assessment/Analysis, Security Controls Assessment, Continuous Monitoring, Continuous Authorization, and FedRAMP assessments and will keep up to date on emerging trends in the cyber security field. 

Location:

Washington D.C., USA – On site 3 times a week

Skills and Qualifications:

Required Qualifications:

• An industry certification such as CASP, CAP, CISSP, CISM, GSEC, GMON, Security+
• 7 years of experience in Information Assurance
• Bachelor’s Degree in Computer Science, Computer Engineering, Information Systems or equivalent experience. 
• In-depth understanding and hands-on experience with Qualys, to include scanning with Security Technical Information Guides (STIG) and CIS benchmarks
• MS Excel pivot tables

Job Duties:

• Leverage enterprise scanning applications or tools approved by the government to complete this task. The vulnerability management support will require the Contractor to provide routine and ad-hoc automated vulnerability scans, scans in support of audits, scan result analysis, and validation scans of remediated vulnerabilities identified during Vulnerability Assessment & Penetration Testing engagements.
• Support vulnerability scans of information systems that are on-premises and hybrid cloud systems as necessary
• Support scanning and testing at the application and database level and shall refine and mature scanning metrics and thresholds to positively affect program maturity
• Work with system owners, system administrators and ISSOs to define the scope, develop a test plan, and rules of engagement as necessary
• Analyze weekly DHS Cyber Hygiene reports, facilitate remediation of findings therein, and promote comprehensive scanning coverage of all Internet- reachable IT assets
• Identify corrective actions, compensating controls, and assist with POA&M development in CSAM
• Identify mitigations for non-compliance, notify stakeholders of compliance issues and, where required, perform these mitigations
• Take into account any infrastructure challenges and make recommendations for improvements where needed. This includes third party service provider hosted Software as a Service (SaaS), Platform as a Service (PaaS) instances as well as Infrastructure as a Service (IaaS)
• Provide expertise in the review of new vulnerability technologies and capabilities and shall interact with other technology divisions to facilitate deployment

 Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and PUBLIC TRUST CLEARANCE REQUIRED.