Be an early applicantLess than 25 applicants

Company

Original Job Post

Astrion · 3 days ago

Vulnerability Analyst

Rockville, MD

Full-time

Onsite

Mid Level

2+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

Defense and Space Manufacturing

Insider Connection @Astrion

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Coordinate with the project management team and the customer to fulfill testing requirements for projects within the project schedule time frame.

Conduct automated and manual scans verifying compliance with customer standards, DISA STIGs, CIS Benchmarks, vendor security hardening documentation, and industry best practices.

Conduct wireless scans using a customer-owned wireless scanning laptop. Reports of results will include screenshots of heatmaps, analysis of potential rogue access points, and recommendations for minimizing risk as necessary.

Research and evaluate threats and vulnerabilities to assist in prioritization of remediation actions.

Compile, organize, and report vulnerabilities and mitigation results to quantify program effectiveness.

Develop vulnerability assessment reports depending on assigned effort using customer-approved templates.

Meet with stakeholders to review scan results and project deliverables.

Advise stakeholders on appropriate remediation & mitigation solutions.

Update customer-owned scanning laptops, to include OS updates, application updates, and vulnerability plugins.

Other duties as assigned.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

IT ExperienceScanning SystemsInformation AssuranceAssessing SystemsCompTIA Security+CISSPISACA CISAGIAC GSECGIAC GSNAGIAC GPENCEHSecurity ClearanceNRC IT-IWindows ServerWeb ServersDatabasesLinuxDISA STIGsSCAPTenable AuditCIS BenchmarksWireless NetworkingVulnerability ScanningTenable Security CenterNessusScriptingPowerShellVBAMicrosoft OfficeWord

Required

BA/BS or 4 years additional equivalent experience

2 years IT experience specialized in scanning systems, information assurance support, and/or assessing systems

At least one of the following certifications: CompTIA Security+, CISSP, ISACA CISA, GIAC GSEC, GIAC GSNA, GIAC GPEN or CEH

Required Security Clearance: Ability to obtain NRC IT-I

Preferred

Previous experience administrating (or a comprehensive working knowledge) of the following technologies: Windows Server, Web Servers (IIS, Apache), Databases (MS SQL, MySQL), Linux (RHEL / CentOS)

Familiarity with DISA STIGs, SCAP content, Tenable Audit files, and / or CIS Benchmarks

Knowledge of system and application security threats and vulnerabilities

A working understanding of wireless networking protocols and security mechanisms is a plus

Experience with vulnerability scanning tools, such as Tenable Security Center / Nessus is a plus

Ability to prioritize and complete tasks efficiently and effectively

Comfortable working individually and as part of a team

Scripting ability (e.g., PowerShell, VBA) is a plus

Proficiency with Microsoft Office applications, primary importance on Word and Excel