Tech Army, LLC · 3 months ago
Vulnerability Analyst
United States
Contract
Remote
Mid Level
$50/hr - $60/hrTech Army is seeking a Vulnerability Analyst to identify, assess, prioritize, report, and assist in mitigating vulnerabilities within the organization's information systems. The role involves conducting regular scans, analyzing vulnerabilities, prioritizing them based on severity, and recommending mitigation strategies while collaborating with IT and development teams.
ConsultingIT ManagementSoftwareStaffing Agency
Responsibilities
Possess a working level expertise with the National Institute of Standards and Technologies (NIST) Cybersecurity Framework (CSF) and the NIST 800-53 series of control families and approaches
Using automated tools and manual techniques to Client security weaknesses (i.e. Tenable Security Center, Nucleus Security, etc...)
Conducting regular scans and assessments of systems, applications, and networks to identify potential vulnerabilities
Analyzing the identified vulnerabilities to determine their potential impact on the organization
Prioritizing vulnerabilities based on their severity and the risk they pose to the organization
Performing routine assignment of tickets to IT and other teams to address vulnerabilities as part of a 'cyber hygiene' process
Recommending mitigation strategies to address identified vulnerabilities
Working with IT and development teams to apply patches, configure systems securely, and implement other remediation measures. This position is not expected to perform patching activities
Creating detailed reports on the findings of vulnerability assessments and risk analyses
Documenting the status of vulnerabilities and the actions taken to mitigate them
Communicating the results of vulnerability assessments, risk analyses, and other cyber hygiene work to stakeholders, including management and technical teams
Staying up to date with the latest cybersecurity threats, vulnerabilities, and best practices
Continuously improving the organization's vulnerability management processes and tools
Attend online/Teams meetings with team and others as appropriate
Work with team to provide status on current task, suggest improvements, discuss implementation, etc
Collaborate with IT and system administrators to create a patch management policy
Provide a prioritization of vulnerabilities for remediation based on risk assessment
Run 'Hygiene Improvement Process' (HIP) vulnerability tasks (e.g., generating prioritized list of systems or vulnerabilities to remediate, creating and assigning tickets, follow-up on tickets, enforcing mitigation requirements, reporting)
Develop a schedule, aligned with existing policy, for applying patches and updates to systems and applications
Monitor the effectiveness of patching efforts and adjust the plan as needed
Provide bi-weekly, monthly, and quarterly reports of vulnerability and patching efforts to various stakeholders
Implement CSPM/agent-based scanning for IaaS/PaaS; cover images, VMs, serverless, and managed services
Ensure tagging/ownership standards in cloud for routing remediation
Scan images in registries and at build time; block critical vulns from promotion
Introduce SCA for third-party libraries; integrate auto-dependency updates
Add SAST/DAST where applicable; tune to reduce false positives
Scan Terraform/CloudFormation/Kubernetes manifests; enforce guardrails in CI
Assisting and guiding business units with their vulnerability remediation as well as technical debt cleanup
Create and update Vulnerability risk acceptance/modification review/analysis and approval/non-approval
Document entire workflow of current system in current state and future state
Provide opportunities for automation within current and future state processes (i.e. python, bash, etc.)
Assist in vulnerability tool review/tuning
Qualification
Required
Possess a working level expertise with the National Institute of Standards and Technologies (NIST) Cybersecurity Framework (CSF) and the NIST 800-53 series of control families and approaches
Using automated tools and manual techniques to identify security weaknesses (i.e. Tenable Security Center, Nucleus Security, etc...)
Conducting regular scans and assessments of systems, applications, and networks to identify potential vulnerabilities
Analyzing the identified vulnerabilities to determine their potential impact on the organization
Prioritizing vulnerabilities based on their severity and the risk they pose to the organization
Performing routine assignment of tickets to IT and other teams to address vulnerabilities as part of a 'cyber hygiene' process
Recommending mitigation strategies to address identified vulnerabilities
Working with IT and development teams to apply patches, configure systems securely, and implement other remediation measures
Creating detailed reports on the findings of vulnerability assessments and risk analyses
Documenting the status of vulnerabilities and the actions taken to mitigate them
Communicating the results of vulnerability assessments, risk analyses, and other cyber hygiene work to stakeholders, including management and technical teams
Staying up to date with the latest cybersecurity threats, vulnerabilities, and best practices
Continuously improving the organization's vulnerability management processes and tools
Attend online/Teams meetings with team and others as appropriate
Work with team to provide status on current task, suggest improvements, discuss implementation, etc
Collaborate with IT and system administrators to create a patch management policy
Provide a prioritization of vulnerabilities for remediation based on risk assessment
Run 'Hygiene Improvement Process' (HIP) vulnerability tasks (e.g., generating prioritized list of systems or vulnerabilities to remediate, creating and assigning tickets, follow-up on tickets, enforcing mitigation requirements, reporting)
Develop a schedule, aligned with existing policy, for applying patches and updates to systems and applications
Monitor the effectiveness of patching efforts and adjust the plan as needed
Provide bi-weekly, monthly, and quarterly reports of vulnerability and patching efforts to various stakeholders
Implement CSPM/agent-based scanning for IaaS/PaaS; cover images, VMs, serverless, and managed services
Ensure tagging/ownership standards in cloud for routing remediation
Scan images in registries and at build time; block critical vulnerabilities from promotion
Introduce SCA for third-party libraries; integrate auto-dependency updates
Add SAST/DAST where applicable; tune to reduce false positives
Scan Terraform/CloudFormation/Kubernetes manifests; enforce guardrails in CI
Assisting and guiding business units with their vulnerability remediation as well as technical debt cleanup
Create and update Vulnerability risk acceptance/modification review/analysis and approval/non-approval
Document entire workflow of current system in current state and future state
Provide opportunities for automation within current and future state processes (i.e. python, bash, etc.)
Assist in vulnerability tool review/tuning
Proficiency in using vulnerability scanning tools such as Tenable, Nessus, Qualys, OpenVAS, and Nexpose
Familiarity with penetration testing tools like Metasploit, Burp Suite, and Nmap
Strong knowledge of various operating systems, including Windows, Linux, and macOS
Understanding of system administration and security configurations
In-depth understanding of network protocols, architecture, and security
Experience with network scanning and monitoring tools
Ability to write scripts in languages such as Python, Bash, or PowerShell to automate tasks and analyze data
Basic programming skills to understand and analyze code for vulnerabilities
Familiarity with cybersecurity frameworks and standards such as NIST, ISO 27001, CIS Controls, and OWASP
Understanding of the Cybersecurity Framework (CSF) and NIST 800-53 controls
Practical experience in conducting vulnerability assessments and/or penetration tests
Experience in system and network administration
Familiarity with security concerns and vulnerabilities common in an enterprise environment, including application development, IT/OT environments, virtualization, containers, etc
Staying up to date with the latest cybersecurity threats, vulnerabilities, and best practices
Strong analytical and problem-solving skills to identify and assess vulnerabilities
Meticulous attention to detail to ensure thorough assessments and accurate reporting
Excellent written and verbal communication skills to effectively convey findings and recommendations to technical and non-technical stakeholders
Ability to work collaboratively with other cybersecurity professionals, IT staff, and external vendors
Considerable knowledge/experience of assessing security controls
Experience and skill in conducting audits or reviews of technical systems
Experience working in a government environment
Experience working in a distributed IT environment
Ability to obtain HSPD-12 card for use in two-factor authentication
Able to work both independently and as a contributing member of a small technical team
Able to disseminate knowledge to current staff
Benefits
Life insurance
Company
Tech Army, LLC
Tech Army, LLC is an 8(a) and DBE certified industry leader with over 30 years of success in providing IT consulting and end-to-end IT staff augmentation services.
Founded in 2016
51-200 employees
H1B Sponsorship
Tech Army, LLC has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (2)
2024 (1)
2022 (2)
2021 (1)
Funding
Current Stage
Growth StageLeadership Team
Jay Narang
Chief Executive Officer
Company data provided by crunchbase