Senior Vulnerability Management Analyst

Merrifield, VA

XOR Security logo
XOR Security
Apply now

Posted 3 weeks ago

Job Description:

XOR Security is currently seeking a Senior Vulnerability Management Analyst to support a large commercial financial entity. VAT Analysts will conduct enterprise and application level security assessment. To support this vital mission, XOR staff are on the forefront of providing Advanced CND Operations, and Systems Engineering support to include the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, threat analysis, continuous monitoring and vulnerability assessment.  Strong written and verbal communications skills, researching and analysis skills, and attention to detail. The ideal candidate will have a solid understanding of operating system and application vulnerabilities, with hands-on experience conducting enterprise-level vulnerability scans and network penetration testing.

Required Qualifications:

  • Experience with both Qualys and InsightVM 
  • Minimum 3 years of professional experience conducting vulnerability assessment
  • Strong analytical and technical skills in conducting vulnerability assessments, conduct troubleshooting of failed scans, as well as abilities and prior experience with analyzing vulnerability reports from enterprise assessment tools such as 
  • Ability to assess large-scale reporting, analyze trends, and provide contextual reporting to senior management and system owners.
  • Excellent organizational and attention to detail in tracking and reporting compliance activity and trend analysis of enterprise vulnerabilities.
  • Ability to develop follow-up action plans to resolve reportable issues and communicate with the other technologists to address security threats and vulnerabilities
  • Identify security gaps, evaluate and implement enhancements.
  • Ability to stay up to date with current vulnerabilities, attacks, and countermeasures and provide a detailed analysis of enterprise risks, compensating controls, and risk mitigation plans
  • Able to collaborate on problem management and root cause analysis discussions with fellow network engineers, security engineers, and analysts
  • Experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment
  • A working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).

Desired Qualifications:

  • Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
  • One or more certifications for VAT Analysts:  GPEN, GWAPT, GSNA, GMON, GISF, GAWN, GWEB, GXPN, CEH, GNFA, OSCP, OSEE, OSCE, OSWP, CISSP
  • Ability to develop an enterprise Red Team capability

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.


Job tags: Active Directory Analytics CEH CISSP DNS GPEN GXPN Linux OSCE OSCP OSEE Penetration testing Qualys Red team Reporting Reports Vulnerabilities Vulnerability management Windows