NetGO Inc.
Senior Vulnerability Management Analyst
Remote
·
Full time
NetGO has a current opening for a Security Vulnerability Analyst that will support a full range of cyber security services on a long-term contract in the Washington, DC area. The position is full-time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.
Description
100% Fully Remote Position
Responsibilities:
- Monitoring vulnerability scans and the status of scanning appliances in enterprise datacenters
- Participating in deployment meetings, reviewing network topologies to place scanners in proper areas of networks to gain visibility to assess security posture
- Running scheduled and ad hoc security reports detailing enterprise security posture
- Researching and troubleshooting networking issues and events to find root-cause analysis
- Develops risk-based mitigation strategies for networks, operating systems, and applications
- Conduct continuous monitoring and evaluate the effectiveness of the enterprise's cybersecurity safeguards
- Review security vulnerabilities across a variety of technologies and environments to resolve high risk vulnerabilities to business assets.
- Review and define requirements for information security solutions
- Provide recommendations and guidance to the customer enabling program improvements and reducing risk across the enterprise.
Qualifications:
- Strong analytical and verbal communication skills
- Demonstrated ability to interact effectively with senior management and leadership
- 7-10 years of successful network and cloud-based troubleshooting experience
- Experience managing a large and complex network
- Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to vulnerability management.
- Expertise with tools such as Nessus, Burp Suite, Metasploit, Kali Linux, NMAP, Nikto, WPScan, SQLmap
- Ability to craft enterprise-specific implementation guidance for system owners who are attempting to satisfy NIST SP 800-53 controls.
- Experience with an ISCM tool and leading ISCM tactics, tools, and procedures
- Experience and specialized training in DoD’s ACAS and HBSS systems, including Information Security Continuous Monitoring (ISCM) and Insider Threat (InT);
- Planning, execution, and assessment of threats
- Ability to conduct research on new and emerging information technologies and develop vulnerability assessment capabilities
Preferred Qualifications:
- DevSecOps experience
- Experience with governance, risk assessment, and compliance for FISMA, FedRAMP, and NIST SP 800 series including NIST SP 800-37 and NIST SP 800-53, system security plans, security and privacy controls, POA&M management, assessment and authorization (A&A), Authority To Operate (ATO) and continuous monitoring processes
- Experience compiling and tracking vulnerabilities and mitigation results to quantify program effectiveness
- Experience creating and maintaining vulnerability management policies, procedures, and training
Education/Certifications/Licenses:
- Bachelor's degree in Computer Science, Information Technology, Cyber Security or related field, or equivalent combination of education and experience and training
- 10+ years’ of Vulnerability Assessment experience
- One or more of the following certifications:
- CISSP
- Security+
- Network+
- CySA+
- CompTIA
- The GIAC Security Essentials Certification
- Active Public Trust 6c clearance or higher or eligible for Public Trust 6c clearance
- Experience with governance, risk assessment and compliance for FISMA, FedRAMP, and NIST SP 800 series including NIST SP 800-37 and NIST SP 800-53, system