XOR Security is currently seeking talented, experienced Vulnerability Assessment Analysts for an exciting position supporting one of our premier clients. Our project is aimed at establishing cutting-edge techniques for network defense, identifying threats and detecting malicious activity using advanced toolsets. The ideal candidate will have experience with Vulnerability Assessment/Analysis, Security Controls Assessment, Continuous Monitoring, Continuous Authorization, and FedRAMP assessments and will keep up to date on emerging trends in the cyber security field.
Washington D.C., USA
Skills and Qualifications:
- An industry certification such as CASP, CAP, CISSP, CISM, GSEC, GMON, Security+
- 7 years of experience in Information Assurance
- Bachelor’s Degree in Computer Science, Computer Engineering, Information Systems or equivalent experience.
- In-depth understanding and hands-on experience with Qualys, to include scanning with Security Technical Information Guides (STIG) and CIS benchmarks
- MS Excel pivot tables
- Leverage enterprise scanning applications or tools approved by the government to complete this task. The vulnerability management support will require the Contractor to provide routine and ad-hoc automated vulnerability scans, scans in support of audits, scan result analysis, and validation scans of remediated vulnerabilities identified during Vulnerability Assessment & Penetration Testing engagements.
- Support vulnerability scans of information systems that are on-premises and hybrid cloud systems as necessary
- Support scanning and testing at the application and database level and shall refine and mature scanning metrics and thresholds to positively affect program maturity
- Work with system owners, system administrators and ISSOs to define the scope, develop a test plan, and rules of engagement as necessary
- Analyze weekly DHS Cyber Hygiene reports, facilitate remediation of findings therein, and promote comprehensive scanning coverage of all Internet- reachable IT assets
- Identify corrective actions, compensating controls, and assist with POA&M development in CSAM
- Identify mitigations for non-compliance, notify stakeholders of compliance issues and, where required, perform these mitigations
- Take into account any infrastructure challenges and make recommendations for improvements where needed. This includes third party service provider hosted Software as a Service (SaaS), Platform as a Service (PaaS) instances as well as Infrastructure as a Service (IaaS)
- Provide expertise in the review of new vulnerability technologies and capabilities and shall interact with other technology divisions to facilitate deployment
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance RequirementApplicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and PUBLIC TRUST CLEARANCE REQUIRED.