Be an early applicantLess than 25 applicants

Company

Original Job Post

Leidos · 2 days ago

Vulnerability Analyst

Springfield, VA

Full-time

Hybrid

Mid Level

$81K/yr - $147K/yr

4+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

ComputerGovernment

Actively Hiring

Insider Connection @Leidos

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Provide policy guidance for 4300A updates.

Create and maintain SOPs and guidance documents as needed.

Provide training to new VAT personnel as needed.

Provide Swimlane admin assistance for FISMA List maintenance.

Deliver all requested work products by agreed upon due dates and deadlines.

Create and publish security related alerts, bulletins, and notifications to all DHS components based on identified software and hardware vulnerabilities and monitor for compliance.

Continuously perform and distribute research on emerging threats to the environment in order to disseminate the information to all stakeholders, immediately assess the known environment for presence of the vulnerability, and work with the NOSC and enterprise networking teams to proactively block exploitation within the DHS environment.

Support Vulnerability Tracking and Reporting.

Support NOSC enclave, HSEN, and RTIC through conducting scheduled and ad-hoc vulnerability scanning.

Employ ad-hoc or emergency VA scanning to support targeted incident investigation, escalation and emergency response to security events in accordance with documented procedures.

Coordinate with Component security staff to explain findings, provide recommendations on mitigations, and advocate for mitigation of vulnerabilities.

Conduct, operates, and maintains assessments and the resulting Vulnerability Assessment (VA) data and reports.

Conduct Host-based and Network Vulnerability Assessments.

Conduct Database Vulnerability Assessments.

Conduct Web-based Vulnerability Assessments.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Vulnerability AssessmentIT SecurityCybersecurity MethodologiesTCP/IP ProtocolsTechnical Security SolutionsNessusSANS GIACOffensive SecurityISC2 CISSPEC Council CEHDHS Entry on DutyCyber Kill ChainMITRE ATT&CKIntelligence Driven Defense

Required

BS degree in Science, Technology, Engineering, Math or related field and 4-8 years of prior relevant experience with a focus on cybersecurity

At least two years of direct experience in vulnerability assessment/management

Familiar with the management, operational, and technical aspects of IT Security in a complex environment

Experience working with industry-standard cybersecurity methodologies and processes

Advanced knowledge of TCP/IP protocols

Experience configuring and implementing various technical security solutions

Substantial experience managing vulnerability/compliance scans using Nessus

At least one of the following certifications: SANS GIAC: GCIA, GMON, GCDA GPEN, GEVA, GWAPT, GSNA, GISF, GAWN, GXPN, GWEB; Offensive Security: OSCP, OSCE, OSWP, OSEE; ISC2: CISSP; EC Council: CEH

Department of Homeland Security (DHS) Entry on Duty (EOD) is required to support this program