Lead Cyber Security Analyst (Vulnerability Management Program)

The Vulnerability Management Program (VMP) Lead will lead a team of cybersecurity analysts and will demonstrate expert-level knowledge in the planning, development, coordination, implementation, and execution of a vulnerability management program within a Federal organization. The VMP lead will:

  • Serve as a lead technical security tester working in a dynamic client environment, responsible for managing teams of approximately 2 to 3 testers.

  • Conduct compliance and vulnerability assessments on a broad range of systems, including mainframe, UNIX, Windows, networking, databases, virtual environments, applications, and Web servers.

  • Use both manual and automated methodologies to identify, assess, and report security risks, prioritize findings based on risk, and document detailed corrective and remediation plans or actions.

  • The VMP Lead will apply in depth technical knowledge to interpret reports and will communicate vulnerability statuses to subscribers.

  • Lead an effort for risk remediation using Tenable SecurityCenter including dashboard creation to coordination remediation efforts with System Owners.

  • Created customized Audit files for Tenable’s Nessus product to be used to scan for compliance and vulnerability scans.

  • Communicate threat, vulnerabilities, and risk information clearly to stakeholders in executive management positions and recommend solutions for client technical and security challenges.

  • Provide client outreach and education on Cybersecurity requirements through oral and written communication formats.

  • Develop, enhance, and implement risk management strategies to support Cybersecurity programs and engage with stakeholder partners to design and implement a holistic risk management strategy.

  • Develop schedules in coordination with multiple teams to illustrate the sequence of patching schedules, scan schedules, and their impact on the reports delivered to senior leaders at any given point in time.

  • Operate in a fast-paced environment using leadership expertise and provide thoughtful ideas on process improvements and enhancements.

T his position is located in the Washington, DC area.
Basic Qualifications:

  • 5+ years of experience with IT audits, including conducting technical security compliance tests and vulnerability assessments

  • 3+ years of experience with developing or implementing risk management strategies

  • 2+ years of experience in a lead role

  • Knowledge of NIST SP 800 series and testing NIST SP 800-53 security controls

  • Demonstrate experience with the planning, development, coordination, execution and improvement of compliance and vulnerability management related processes.

  • Demonstrate expert-level knowledge of scanning, patching, data analytics technologies, and apply in depth knowledge and experience of industry best practices for vulnerability management, risk analysis, and vulnerability remediation plan development.

  • Demonstrate knowledge and experience with Information Assurance Vulnerability Alerts from higher headquarters to ensure functional levels remain compliant.

  • Ability to present IT security risk to business and technical executive management effectively

  • Demonstrate experience communicating at a functional level and with government leaders, development of quality and accurate work products, and concise communication with senior clients including development of written reports.

  • Experience with configuring and conducting Nessus compliance scans

  • Ability to be detail oriented and organized and plan and prioritize multiple tasks

  • Ability to work independently and as part of a multi-disciplined, dynamic team

  • Ability to obtain a security clearance

  • BA or BS degree

Additional Qualifications:

  • Apply technical knowledge of various programming and computer languages including Regular Expression and Python.

  • In-depth, subject matter expertise with the DoD ACAS.

  • Experience with data analytics and risk modeling

  • Knowledge of Cybersecurity threats and techniques used by adversaries

  • Possession of excellent analytical, problem solving, and interpersonal skills

  • Possession of excellent oral and written communication skills

  • BA or BS degree in Cybersecurity, IT, Forensics, or Computer Engineering preferred

  • CISSP Certification preferred

  • Tenable Certified Nessus Auditor (TCNA)

Job Type: Full-time

Jen Coy