Overview: Responsibilities:

The Senior Vulnerability Assessment Analyst will perform assessments of systems and networks to determine the effectiveness of defense-in-depth architecture against known vulnerabilities based on DoD and IC policies, and industry best practices. Review and evaluate vulnerability scans, reports, or other IT/IS artifacts to identify systemic security issues and areas of weakness within a given DoD enclave, system, or enterprise. Work with stakeholders and system security engineers to effectively communicate the risks of identified vulnerabilities. Assist with remediation solutions of identified security vulnerabilities based on DoD, IC, and Federal policies, standards, and industry best practices.

• Analyze organization's cyber defense policies and configurations and evaluate compliance with DoD regulations and organizational directives
• Perform information system security vulnerability scanning to discover and analyze vulnerabilities to support the characterization of risks to networks, operating systems, applications, databases, and other information system components
• Evaluate compliance scans and reports to analyze configurations
• Facilitate audit reviews of configurations and hardening settings for networks, operating systems, applications, databases, and other information system components
• Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) vulnerability assessments of relevant technology focus areas (e.g. local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications)
• Share meaningful insight about the context of an organization's threat environment that improve its risk management posture
• Engage with stakeholders, to include IT professionals, management, and auditors, to facilitate vulnerability discovery and remediation
• Communicate, both verbally and written, security and compliance issues in an effective and appropriate manner
• Recommend appropriate remedial actions to mitigate risks and ensure information systems employ the appropriate level of information security controls
• Validate remedial actions and ensure compliance with information security policy and regulatory requirements
• Maintain proficiency in threat and vulnerability management best practices
• Prepare reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions

Qualifications:

• Bachelor's degree in Computer Science or related discipline from an accredited college or university
• Ten (10) years’ experience as a Vulnerability Assessment Analyst
• Active TS/SCI with a Polygraph

Certifications (at least one required):

• CASP+CE
• CISSP
• CSSLP

Leading the Transformation: The BlueHalo Effect It speaks to who we are as a company, a global protective ring that shields everything we most want to safeguard, an unbroken line that ensures our customers retain the advantage in any battlespace, from high above the Earth to deep in cyberspace. It’s who we are, a halo, a protector, the light of inspired engineering keeping our Nation safe. Our vision is a world where national security is certain because technical superiority is assured. Join us and become a vital element of The BlueHalo Effect! EEO Statement BlueHalo is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. U.S. Citizenship is required for most positions. If you are an individual with a disability and would like to request a reasonable workplace accommodation for any part of the employment process, please send an email to Recruiting@bluehalo.com. Please indicate the specifics of the assistance needed. This option is reserved only for individuals who are requesting a reasonable workplace accommodation. It is not intended for other purposes or inquiries.