TMC Technologies is in search of a subject matter expert - level Cyber Vulnerability Assessment Analyst to support a federal client in Rosslyn, VA. The candidate must be a US citizen and possess an active Secret or Top Secret clearance to start due to federal contract requirements. This role supports the Security Assessment & Vulnerability Prioritization Team (Blue Team). The Cyber Vulnerability Assessment Analyst (SME) will:

• Provide technical assistance related to internal system assessments supporting Authorization and Accreditation process.
• Maintain, improve, and leverage an objective, quantitative risk assessment model.
• Coordinate with all relevant personnel to obtain pertinent vulnerability information and findings concerning network security.
• Stay abreast of all current and new vulnerabilities and which cyber actors have exploited them.
• Maintain a consolidated vulnerability list that includes new and existing vulnerabilities and ranks them quantitatively in terms of risk.
• Map findings to NIST Special Product 800-53 security controls; coordinate with stakeholders on ensuring findings are input as plans of actions and milestones.
• Conduct briefings on vulnerabilities and current risk exposure and provide remediation recommendations.

• Active Secret or Top Secret security clearance required.
• Bachelor’s Degree and a minimum of 9 years’ experience required. An additional 4 years of experience may be substituted in lieu of degree.
• CCNA, CND, CySA+, GICSP, GSEC, Sec+, or SSCP certification required.
• Demonstrated ability to perform assessments of systems and networks within the networking environment or enclave and identifying where those systems and networks deviated from acceptable configurations, enclave policy, or local policy.
• Aptitude to establish strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems.
• Can make sound recommendations on process tailoring, efficient with participating in and document process activities.
• Proven expertise in performing analyses to validate established security requirements and recommended additional security requirements and safeguards.