Vulnerability Management Analyst
Washington, District Of Columbia, United States
As a Vision, Mission, and Driven company, VMD has been delivering information technology solutions to the Federal government in Agile Engineering, Cybersecurity, and Critical Infrastructure Protection since 2002. Our mission has now expanded, and we have merged with Xcelerate Solutions to revolutionize end-to-end enterprise security. Together we are committed to protecting our nation’s citizens, critical infrastructure, and resources. Why Join VMD Corp? At VMD, now a part of Xcelerate Solutions, you have the opportunity to thrive in your career and become a Game Changer. The quality and talent of our people is what drives our success. We embrace an employee-first culture and make it a priority to provide professional development opportunities that foster career growth. We help protect American Citizens and the nation’s most critical infrastructure by working alongside our customers and delivering game changing solutions to strengthen their missions. We believe our passion and commitment to achieve our customers' goals and solve their most critical challenges defines who we are. We don’t just dream big, we act on it – through teamwork, dedication, and resilience.
Learn more about VMD culture here: VMD Culture About the Mission You Will Join:
The Department of Labor (DOL) has entrusted VMD to support the Office of the Chief Information Officer’s (OCIO’s) Cybersecurity Division to provide enterprise-level cybersecurity services including Information Security Governance and Policy, ISSO and Assessment Services, and Security Operations Center support. The Department of Labor administers and enforces more than 180 federal laws and thousands of federal regulations. Your Impact to the Mission:
We are seeking a Vulnerability Management Analyst with Tenable Tool experience to serve as a member of our Vulnerability Management team. This role involves being familiar with Tenable engineering responsibilities related to Tenable.sc, Tenable.io, and Nessus Agents such as the performance of daily health checks, initial troubleshooting of issues, performing regular updates to enable proper performance and security of the tools, and performing regular analysis of scan results. The role includes maintaining existing vulnerability and compliance scans, managing vulnerability reporting, and supporting data quality initiatives. The Vulnerability Management Analyst will be responsible for providing analysis and reporting on vulnerabilities, and holding teams accountable for remediating vulnerabilities within SLA. Roles and Responsibilities:
Learn more about VMD culture here: VMD Culture About the Mission You Will Join:
The Department of Labor (DOL) has entrusted VMD to support the Office of the Chief Information Officer’s (OCIO’s) Cybersecurity Division to provide enterprise-level cybersecurity services including Information Security Governance and Policy, ISSO and Assessment Services, and Security Operations Center support. The Department of Labor administers and enforces more than 180 federal laws and thousands of federal regulations. Your Impact to the Mission:
We are seeking a Vulnerability Management Analyst with Tenable Tool experience to serve as a member of our Vulnerability Management team. This role involves being familiar with Tenable engineering responsibilities related to Tenable.sc, Tenable.io, and Nessus Agents such as the performance of daily health checks, initial troubleshooting of issues, performing regular updates to enable proper performance and security of the tools, and performing regular analysis of scan results. The role includes maintaining existing vulnerability and compliance scans, managing vulnerability reporting, and supporting data quality initiatives. The Vulnerability Management Analyst will be responsible for providing analysis and reporting on vulnerabilities, and holding teams accountable for remediating vulnerabilities within SLA. Roles and Responsibilities:
- Tenable Tool Management:
- Perform daily health checks of Tenable.sc, Tenable.io, and Nessus Agents.
- Initial troubleshooting and resolving any identified or reported issues.
- Apply upgrades and maintain the health of the systems to prevent issues and vulnerabilities.
- Scan Management:
- Maintain existing O&M scans and troubleshoot any reported scan issues.
- Regularly tune scans to ensure maximum coverage with minimal impact on the network and target hosts.
- Conduct both vulnerability and compliance scans.
- Vulnerability Management & Reporting:
- Run weekly meetings (Specific section of the meeting format) with system owners to get status updates on the remediation of vulnerabilities.
- Use additional tools as needed (BigFix web reports, etc) for vulnerability analysis and reporting.
- Create reporting mechanisms to monitor zero-days and other priority vulnerabilities
- Investigate reported false positives to verify their validity.
- Provide support to CDM Data Quality initiatives.
- Serve as the point person for understanding the status of vulnerabilities and report to the Vulnerability Management Team Lead.
- Provide analysis and reporting on vulnerabilities, ensuring teams are held accountable for remediating vulnerabilities within SLA or creating POAMs.
- Documentation and SOPs:
- Maintain tool documentation and Standard Operating Procedures (SOPs).
- Technical Expertise:
- Strong understanding of Tenable.sc, Tenable.io, and Nessus Agents.
- Experience with vulnerability scanning and management tools.
- Analytical Skills:
- Ability to analyze scan results and prioritize vulnerabilities based on risk and impact.
- Strong attention to detail and an analytical mindset.
- Troubleshooting:
- Proficiency in troubleshooting and resolving technical issues related to vulnerability management tools.
- Communication Skills:
- Excellent written and verbal communication skills.
- Ability to run effective meetings and provide clear status updates.
- Proactivity:
- Ability to take initiative and work independently with minimal supervise
- Collaboration:
- Proven ability to work effectively with cross-functional teams.
- Education Requirement: Bachelor’s degree in Computer Science, Information Management (IM), Information Technology, Cybersecurity, Engineering, or equivalent
- Can Additional Years of Experience Substitute for Degree? No
- Desired Certification(s): SANS, ISC2, ECCouncil, ISACA, or other cybersecurity or privacy certification
- Minimum Years of Overall Experience: 4
- Minimum Years of Specific Experience in Field: 2
- Minimum Clearance to Start: Public Trust
- Work Status Allowable: US Citizen or Permanent Resident
- You demonstrate personal accountability and integrity in all actions.
- You interact well with people and are a natural team player.
- You consistently meet deadlines and come prepared to offer solutions and contribute in meaningful ways.
- Travel: None
- Telecommute Options: Hybrid. Occasional onsite work may be required.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
1
1
0
Category:
Analyst Jobs
Tags: Agile Clearance Compliance Computer Science Governance ISACA Nessus Privacy SANS SOC Vulnerabilities Vulnerability management
Perks/benefits: Career development
Region:
North America
Country:
United States
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Information Security Officer jobsSenior Cybersecurity Engineer jobsInformation Security Manager jobsInformation System Security Officer jobsSenior Cloud Security Engineer jobsInformation Security Specialist jobsIT Security Engineer jobsCyber Security Specialist jobsSecurity Consultant jobsSenior Network Security Engineer jobsSystems Administrator jobsSenior Information Security Analyst jobsIT Security Analyst jobsSecurity Specialist jobsSystems Engineer jobsSenior Cyber Security Engineer jobsChief Information Security Officer jobsSenior Penetration Tester jobsInformation System Security Officer (ISSO) jobsStaff Security Engineer jobsInformation Systems Security Engineer jobsThreat Intelligence Analyst jobsSecurity Operations Analyst jobsCyber Security Architect jobsSenior Product Security Engineer jobs
CI/CD jobsJava jobsEDR jobsTop Secret jobsSaaS jobsForensics jobsGDPR jobsSplunk jobsRMF jobsIDS jobsSDLC jobsIPS jobsSQL jobsBash jobsActive Directory jobsDoDD 8570 jobsThreat detection jobsIntrusion detection jobsCompTIA jobsITIL jobsFinance jobsGIAC jobsCRISC jobsDocker jobsOWASP jobs
Clearance Required jobsUNIX jobsTerraform jobsTCP/IP jobsIndustrial jobsJavaScript jobsCCSP jobsSANS jobsHIPAA jobsIT infrastructure jobsOSCP jobsData Analytics jobsVPN jobsDNS jobsPolygraph jobsBanking jobsSAP jobsGCIH jobsSOC 2 jobsGSEC jobsCISO jobsAnsible jobsJira jobsNIST 800-53 jobsMITRE ATT&CK jobs