Cybersecurity Vulnerability Assessment Analyst

Linthicum, MD, United States

Peraton

Peraton drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted and highly...


Responsibilities

The Cybersecurity Vulnerability Assessment Analyst plays a critical role in the Department of Defense's (DoD) Vulnerability Disclosure Program (VDP), supporting efforts within the Defense Cyber Crime Center (DC3), including both the DoD VDP and the Defense Industrial Base (VDP-DIB). This position involves collaborating with internal stakeholders, independent security researchers, and external hackers to identify, assess, and manage vulnerabilities that could impact national security.

Key responsibilities include:

  • Vulnerability Validation: Reviewing and vetting vulnerability reports to verify validity, scope, reproducibility, and severity.
  • Risk Assessment: Assigning risk scores or statements based on the severity of identified vulnerabilities.
  • Lifecycle Management: Monitoring and tracking progress on report submissions, validating mitigation or remediation actions, and ensuring reports are properly closed.
  • Tool Utilization: Using platforms such as HackerOne Triage console to prioritize, track, and manage submissions while identifying duplicate reports.
  • Web Penetration Testing: Applying knowledge of web penetration methodologies and tools to validate vulnerabilities and assess their impact.
  • Collaboration Tools: Utilizing Confluence and Jira platforms to document workflows, manage tasks, and streamline communication across teams.
  • Stakeholder Communication: Acting as a liaison between security researchers, system owners, and internal teams, ensuring timely and professional responses.
  • Documentation: Formatting validated reports to DoD-approved standards and forwarding them to the Vulnerability Management Analyst team for further coordination.

Qualifications

  • Education & Experience:
    • Bachelor’s degree and 5+ years of experience; OR Master’s degree and 3+ years of experience; OR PhD with 0 years of experience.
  • Technical Expertise:
    • In-depth knowledge of information security principles, technologies, and practices.
    • Strong understanding of TCP/IP, IDS/IPS rules, and the investigation of security events, threats, and vulnerabilities.
    • Familiarity with the OWASP Top Ten vulnerabilities, their remediation techniques, and proficiency in web penetration methodologies and tools such as BurpSuite, Nmap, and Kali Linux.
    • Familiarity with vulnerability tracking systems and frameworks like CVEs, NVD, CVSS.
    • Experience with cloud infrastructures such as AWS and Microsoft Azure.
    • Familiarity with programming and scripting languages such as Python, JavaScript, BASH, or Java.
  • Compliance and Standards:
    • Strong understanding of STIG requirements, the Risk Management Framework (RMF), and U.S. government cybersecurity compliance frameworks.
    • Experience applying government compliance standards to assess and improve security postures.
  • Soft Skills:
    • Excellent customer service and professional communication skills for engaging with both internal and external stakeholders.
    • Ability to manage multiple priorities in an ever-evolving threat landscape.
    • Strong analytical and problem-solving skills to assess complex cybersecurity scenarios.
  • Clearance:
    • Active Secret security clearance required.
  • Preferred Certifications:
    • Certifications such as CEH, GICSP, Cloud+, GCED, PenTest+, Security+, or GSEC.

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Target Salary Range

$86,000 - $138,000. This represents the typical salary range for this position based on experience and other factors.
Category: Analyst Jobs

Tags: AWS Azure Bash Burp Suite CEH Clearance Clearance Required Cloud Compliance Confluence CVSS Cyber crime DoD GCED GICSP GSEC IDS Industrial IPS Java JavaScript Jira Kali Linux Monitoring Nmap OWASP Pentesting PhD Python Risk assessment Risk management RMF Scripting Security Clearance TCP/IP Vulnerabilities Vulnerability management

Perks/benefits: Team events

Region: North America
Country: United States
