Cyber Security Vulnerability Analyst Industry: Dept. of DefenseLocation: Charleston, SC (29406) (REMOTE & 35% travel)Employment Type: 1-year ContractClearance: Secret (Active Required)Requirements:
IAT-II DoD 8570 compliant certification, CISSP Preferred.ACAS/Nessus scanning experience, building asset groups, creating audits, schedule scans and generating reports.Experience with running SCAP benchmarks and SRR scripts released by DISA.WSUS management and troubleshooting WSUS Server and clients.Experience with Tanium, Splunk, HBSS and its components.System troubleshooting and configuration management of Windows Desktop and Server OS as it relates to security posture of the system.Experience with Group Policy Objects and Active Directory.Configuration security of network devices, switches, firewalls and routers.Knowledge of DISA STIGs/FDCC requirements, CTOs, TASKORDs, FRAGORDs, and emerging threats.
Expected to cover technical information security aspects including, but not limited to, identifying risks, providing mitigation plan of action, configuration of devices in accordance with STIG settings, analysis of system design, assist with certification and accreditation issues that may be preventing the system from receiving ATO, and develop custom mitigation solutions for enterprise vulnerabilities.Coordination among various stakeholders, e.g., Security Engineers, Network Administrators, System Administrators, Information Assurance Managers (IAMs) / Information Systems Security Managers (ISSMs), SCA, SCAR, Authorization Officials (and representatives), program managers, vendors, etc., necessary to properly plan and coordinate IV and testing requirements for program office authorization efforts.Knowledge and experience identifying, assessing, and documenting compliance against applicable DoD IA security controls (technical, management, operational), and DISA Security Technical Implementation Guides (STIGs).
#clearanceKeyword Searchstring: cyber security, security+, Pen testing, CISSP, CEH, RHCSA, Red Hat, Linux, Unix, Cyber, engineer, architect, network, systems, ACAS, STIGs, POA, RMF,EOE/ADA