SME Cyber Vulnerability Assessment Analyst - TS/SCI Required

(Multiple States)

Full Time Senior-level / Expert Clearance required USD 63K - 147K *

cFocus Software Incorporated

Our exclusive ATO as a Service™ software & expert services automate FISMA RMF & FedRAMP compliance.

View all jobs at cFocus Software Incorporated

Apply now Apply later

Posted 6 hours ago

cFocus Software is seeking an SME Cyber Vulnerability Assessment Analyst to join our program supporting CISA in Arlington, VA or Pensacola, FL. This position requires active TS/SCI clearance.

Qualifications:

Active TS/SCI clearance
10+ years of proven experience as a Security Engineer with supervisory/leadership abilities to oversee large teams responsible for planning, analyzing, implementing, and maintaining many different projects
Experience assessing security implementation of cloud and hybrid environments to include pipelines, applications and services
10+ years of experience with Reverse Engineering, Computer Forensics, Adversarial Emulations, Incident Response, Vulnerability Assessment and Management, Risk and Threat Mitigation, and Penetration Testing
10+ years of technical experience using concepts such as (SaaS, PaaS, & IaaS)
10+ years of experience working with AWS, Kubernetes, Dockers, Linux, Windows

Duties:

Responsible for leading penetration testing, developing advanced security scenarios and testing systems against those scenarios, developing advanced security architectures for the implementation of custom countermeasures, provides security considerations to advise system engineering teams with the objective to reduce errors, flaws, and weaknesses that may constitute security vulnerability, performing advanced code analysis, and performing advanced protocol analysis for nation-state and state-sponsored cyber threat actor capabilities.
Ensure an industry’s best practice implementation utilizing agile practices for scanning and end to end vulnerability remediation as well as assist in all information security planning, compliance and risk management, manage teams, ensure they have appropriate skill sets, and tie the teams and results together
Identify vulnerabilities and understand and recommend countermeasures
Analyze the network to determine if appropriate security is applied
Possess and apply knowledge NIST RMF
Develop and implement test plans and ensure execution
Evaluate the costs and benefits of security functions and considerations from analysis of alternatives, engineering trade-offs and risk treatment decisions.
Provide assessment support and remote or site visits for CISA information systems.
Perform detailed assessments of the security controls that have been identified and implemented for systems as part of the RMF process.
Collaborate with product teams to assess cloud security standards and verify controls are implemented for hardening infrastructure, hardening infrastructure-as-code, hardening CI/CD pipelines, and hardening containers.
Employ test plans and test procedures tailored to the security controls of the system under test.
The tools and techniques could include, but are not limited to, manual test procedures or analysis, web assessment software, vulnerability scanning tools, penetration test tools, and or contractor-developed custom scripts.
Tools and techniques consist of manual testing, vulnerability scans, and penetration testing.
Automate testing functions and adopt OffSecOps development practices to include development of ansible or terraformed testing procedures and infrastructure development that can be automated to quickly deploy and test various targets.
Prepare a detailed weekly status of all activities, including status of assessments and any other pertinent data points as requested by the Government