Boston Government Services, LLC (BGS) · 1 day ago
Vulnerability Analyst
Boston Government Services, LLC (BGS) is an engineering, technology, and security firm dedicated to advancing national missions for government programs and facilities. The Vulnerability Analyst role involves conducting vulnerability assessments, analyzing security weaknesses, and recommending mitigation strategies to enhance organizational cybersecurity posture.
Government, Security
Responsibilities
Possess working-level expertise with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and the NIST 800-53 series of control families and approaches
Using automated tools and manual techniques to identify Client security weaknesses (e.g., Tenable Security Center, Nucleus Security, etc.)
Conducting regular scans and assessments of systems, applications, and networks to identify potential vulnerabilities
Analyzing the identified vulnerabilities to determine their potential impact on the organization
Prioritizing vulnerabilities based on their severity and the risk they pose to the organization
Performing routine assignment of tickets to IT and other teams to address vulnerabilities as part of a 'cyber hygiene' process
Recommending mitigation strategies to address identified vulnerabilities
Working with IT and development teams to apply patches, configure systems securely, and implement other remediation measures. This position is not expected to perform patching activities
Creating detailed reports on the findings of vulnerability assessments and risk analyses
Documenting the status of vulnerabilities and the actions taken to mitigate them
Communicating the results of vulnerability assessments, risk analyses, and other cyber hygiene work to stakeholders, including management and technical teams
Staying up to date with the latest cybersecurity threats, vulnerabilities, and best practices
Continuously improving the organization's vulnerability management processes and tools
Attend online/Teams meetings with team and others as appropriate
Work with team to provide status on current task, suggest improvements, discuss implementation, etc.
Qualification
Required
Practical experience in conducting vulnerability assessments and/or penetration tests
Experience in system and network administration
Familiarity with security concerns and vulnerabilities common in an enterprise environment, including application development, IT/OT environments, virtualization, containers, etc.
Staying up to date with the latest cybersecurity threats, vulnerabilities, and best practices
Strong analytical and problem-solving skills to identify and assess vulnerabilities
Meticulous attention to detail to ensure thorough assessments and accurate reporting
Excellent written and verbal communication skills to effectively convey findings and recommendations to technical and non-technical stakeholders
Ability to work collaboratively with other cybersecurity professionals, IT staff, and external vendors
Considerable knowledge/experience of assessing security controls
Experience and skill in conducting audits or reviews of technical systems
Experience working in a government environment
Experience working in a distributed IT environment
Ability to obtain HSPD-12 card for use in two-factor authentication
Able to work both independently and as a contributing member of a small technical team
Able to disseminate knowledge to current staff
Must be a U.S. citizen
Successful drug screening
Preferred
Proficiency in using vulnerability scanning tools such as Tenable, Nessus, Qualys, OpenVAS, and Nexpose
Familiarity with penetration testing tools like Metasploit, Burp Suite, and Nmap
Strong knowledge of various operating systems, including Windows, Linux, and macOS
Understanding of system administration and security configurations
In-depth understanding of network protocols, architecture, and security
Experience with network scanning and monitoring tools
Ability to write scripts in languages such as Python, Bash, or PowerShell to automate tasks and analyze data
Basic programming skills to understand and analyze code for vulnerabilities
Familiarity with cybersecurity frameworks and standards such as NIST, ISO 27001, CIS Controls, and OWASP
Understanding of the Cybersecurity Framework (CSF) and NIST 800-53 controls
Certified Information Systems Security Professional (CISSP)
Certified Ethical Hacker (CEH)
CompTIA Security+
Certified Information Security Manager (CISM)
Offensive Security Certified Professional (OSCP)
GIAC Security Essentials (GSEC)
Benefits
Health
Dental
Vision
Life Insurance
Paid Vacation
401K
Long and Short-Term Disability
Company
Boston Government Services, LLC (BGS)
Boston Government Services, LLC (BGS) is an engineering, technology, and security firm providing mission-focused solutions for the clean energy, nuclear, and federal programs markets.
Funding
Current Stage: Growth Stage
Total Funding: unknown
2022-12-06: Acquired
Company data provided by crunchbase