General Dynamics Information Technology Vulnerability Management Analyst in Hurlburt Field, Florida
The Vulnerability Management Analyst - Information System Security Manager (ISSM) will work closely with the Cyber Security Team – to support multiple programs and Air Force and USSOCOM connected systems through the vulnerability management and Risk Management Framework (RMF) process. They will be responsible for maintaining configuration items and executing functions on the vulnerability management platform, which includes but not limited to ACAS & Source Code scans, STIG Validation in support of DISA, DoD, USSOCOM, and USAF guidelines and proactive vulnerability detection. They will be responsible for composing essential documentation (procedures, scanning reports, remediation reports, etc.), providing analysis and metrics on vulnerabilities, and driving remediation of vulnerabilities throughout the organization. The ideal candidate has a background in Systems Administration or Systems Engineering, has a strong systems security mindset, is very detailed oriented with strong written and oral communication skills.
Knowledge, Skills and Abilities
3+ Years of Information Security Experience, working with Vulnerability management tools
Demonstrated knowledge of Systems Administration/Engineering with proficiency in analyzing systems designs with a systems security mindset
Strong knowledge of threats and vulnerabilities associated with cloud and on-premise network security
Demonstrated ability to work effectively in an ambiguous environment
Strong oral and written communications skills
Strong analytical and problem-solving skills and proactive thinking skills
High-level familiarity with Vulnerability Management tools such as ACAS, SCAP, and SCCM.
Moderate- to high-level familiarity with RMF input and validation tools such as eMass and XACTA.
Basic level familiarity with DoD, USAF, USSOCOM, and other Cyber Security Regulatory Compliance bodies
Familiarity with basic networking protocols (e.g., TCP/IP, UDP, etc.)
Familiarity with basic concepts of Penetration Testing (e.g., Penetration Test Execution Standards (PTES, Black Box Pen Testing, etc.) to include use of the more popular tools (e.g., metasploit, Nmap, etc.)
Ability to oversee and/or perform the development, maintenance, and continual improvement of the vulnerability management platform, processes, and technical assessment support
Ability to drive automation of vulnerability management platform and processes
Demonstrated understanding of infrastructure and cloud vulnerability scanning
Understanding of how to classify and prioritize the risk of new vulnerabilities based on the operating environment
Ability to develop and maintain metrics and reports on vulnerability findings and remediation compliance
Facilitate proactive remediation of new vulnerabilities by collecting information from threat and vulnerability feeds, analyzing the impact/applicability to our environment and communicating applicable vulnerabilities and recommended remediation actions to the impacted teams
Provide technical support to system and technology owners to propose mitigation and remediation solutions
Assist with routine compliance and audit functions to ensure regulatory scanning requirements are satisfied
Document and report on processes and procedures
Provide input to leadership for enhancing the vulnerability management strategy
Stay current on security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats to the organization by attending conferences, networking with peers and other education opportunities
Sense of urgency to address new technologies being deployed: Continuous development of infrastructure and cloud vulnerability expertise to function as subject matter expert in multiple technical or business disciplines;
A Cyber Security Team team-player contributing to policy development, RMF package accreditations, and Tempest requirements
Bachelors Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.
DoD 8570 IAM III Level Certification Required (CISSP, CISM, GSLC)
SSCP, GIAC Security Essentials Certified Ethical Hacker (CEH), and other security related certifications a plus
5-8 years of related experience in data security administration.
The work is performed in an office and lab environment
Must be able to obtain a passport for OCONUS travel, if required
Lift over 35 LBS
#DPOST #ISDCJ #ARMA #C2MS
As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors. With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services. GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.
Requisition ID 2018-40296
of Openings 0
Job Location USA-FL-Hurlburt Field
Job Function Information Technology
Security Clearance Level Secret
Full/Part Time Full Time