Cyber Vulnerability Analyst / Mostly Remote
job description
THIS IS A HYBRID-REMOTE POSITION.
In its majority, work will be performed remotely, from the employee's place of residence. Pre-planned travel to Oak Ridge, Tennessee, or Amarillo, Texas, for on-site interaction, support, and inspections will be required up to 15% of the time.
This position requires a current DOE Q or DoD Top Secret / SCI security clearance.
Global Engineering and Technology (GET) is seeking qualified applicants for Vulnerability Analyst in support of the United States Department of Energy's cybersecurity program. This is a highly compensated, high-responsibility technical security position that is central to our mission's success. The Vulnerability Analyst performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.
COMPENSATION RANGE:
$(phone number removed)/year (depending on qualifications and experience)
Duties &
Responsibilities:
Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
Carries out technical evaluations of relevant technology focus areas (e.G., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications) as well as non-technical assessments of people and operations to assess risks and vulnerabilities.
Reviews continuous audit and vulnerability assessment data and collaborates with the threat intelligence section to prioritize and manage patch updates based on the risk and impact within the environment.
Conducts necessary reviews in the given environment, such as Technical Surveillance Countermeasure Reviews (TSCM), and TEMPEST countermeasure reviews.
Requirements
Security Clearance:
This position requires a current DOE Q or DoD Top Secret / SCI security clearance.
Required Education and Experience (as demonstrated by technical expertise and certification, where applicable):
Associate's degree with 10+ years, or Bachelor's degree with 5+ years of related cybersecurity experience, including at least 5 years performing hands-on vulnerability analysis security work, and assessing security posture based on required cybersecurity principles (directly relevant advanced degrees may be considered partly in lieu of direct experience).
Required Knowledge, Skillset, and Abilities (KSAs):
This position requires senior-level experience as a Vulnerability Analyst.
Knowledge of risk management processes
Knowledge of cyber threats and vulnerabilities
Knowledge of application vulnerabilities
Knowledge of host/network access control
Knowledge of cybersecurity and privacy principles and organizational requirements (related to confidentiality, integrity, availability, authentication, non-repudiation)
Knowledge of network access, identity, and access management
Knowledge of network traffic flow
Knowledge of system and application security threats and vulnerabilities
Knowledge of different types of attacks
Knowledge of ethical hacking principles and techniques
Knowledge of network protocols
Ability to conduct vulnerability scans and identify security system vulnerabilities
Ability to assess the strength of security systems and designs
Ability to use network analysis tools to detect vulnerabilities
Ability to review logs to find evidence of past intrusions
Ability to conduct application vulnerability assessments
Ability to gain insights about an organization's threat environment
Ability to identify systemic security issues based on vulnerability and configuration data analysis
Ability to provide meaningful insights about an organization's threat environment to enhance its risk management approach
Ability to apply cybersecurity and privacy principles to meet organizational requirements (related to confidentiality, integrity, availability, authentication, non-repudiation)
Benefits
Benefits include:
Medical plan options with UnitedHealthcare
Dental Insurance
Long-term and Short-term Disability Insurance
Life Insurance
AD&
D Insurance
Generous 401(k) Match
All benefits are effective on day one of employment.
Global Engineering &
Technology, Inc. is an equal opportunity employer and does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in provision of employment opportunities and benefits.