What are the responsibilities and job description for the Vulnerability Assessor position at Columbia Technology Partners?
Vulnerability Assessor:
TS/SCI FS POLY || Ft. Meade, MD. || REQ. ID CV1088: The Mission::
Perform ongoing, comprehensive vulnerability assessments of network cybersecurity risks to enable risk management and mitigation activities. Monitor the adequacy of cybersecurity measures for information systems and report vulnerability findings to CSSP Watch leadership. Utilize vulnerability data sources such as network discovery, network and host vulnerability scanning, penetration testing, operational exercise data, and compliance inspection reports. Assess asset conformity to specified security requirements. Identify security vulnerabilities and exposures.
The Qualifications::
The Day-to-day::
If you think you’d be a good fit, apply now! We'll get in touch to let you know what the next steps are - The CTP Team
TS/SCI FS POLY || Ft. Meade, MD. || REQ. ID CV1088: The Mission::
Perform ongoing, comprehensive vulnerability assessments of network cybersecurity risks to enable risk management and mitigation activities. Monitor the adequacy of cybersecurity measures for information systems and report vulnerability findings to CSSP Watch leadership. Utilize vulnerability data sources such as network discovery, network and host vulnerability scanning, penetration testing, operational exercise data, and compliance inspection reports. Assess asset conformity to specified security requirements. Identify security vulnerabilities and exposures.
The Qualifications::
- An Active TS/SCI clearance FS polygraph.
- This is a deal-breaker and a hard requirement.
- 4 years of related experience is required.
- Required: Security and Computing Environment (CE) certification. The CE certification requirements can be fulfilled with either Microsoft OS, Cent OS/Red Hat OS CE certifications.
- Required: successful completion of the Splunk software training course "Fundamentals 1"
The Day-to-day::
- Knowledge of Common Vulnerabilities and Exposures (CVEs), cyber threats, and vulnerability mitigation strategies.
- Conduct research and analysis to stay up to date with current vulnerabilities, provide detailed risk analysis and potential impact.
- Utilize multiple data sources to determine a vulnerability’s security impact on the enterprise.
- Analyze, assess, compile, and prioritize vulnerabilities to document and communicate mitigation recommendations.
- Communicate written and verbal information in a timely, clear, and concise manner.
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Understand network security architecture concepts such as topology and protocols.
- Understand what constitutes network risk, cyberattacks, and the relationship between threats and vulnerabilities.
- Analyze vulnerability scans.
- Recognize security implications of vulnerabilities and assess within the context of the risk management process.
- Utilize analysis tools, such as Verodin, Nessus, or RedSeal, to identify vulnerabilities.
- Write comprehensive risk assessments on vulnerability impacts.
- Utilize automated and manual testing methods to validate the vulnerability testing methods; discover inadequate security practices.
- Identify secondary effects of vulnerabilities and exposures, as well as the impact of the mitigations applied to them.
- Perform after-action reviews of team products to ensure completion of analysis.
- Lead and mentor team members as a technical expert
If you think you’d be a good fit, apply now! We'll get in touch to let you know what the next steps are - The CTP Team
Assessor
Better Morning, Inc. -
Washington, DC
Vulnerability Researcher
Kudu Dynamics -
Chantilly, VA
Vulnerability Researcher
AnaVation -
Chantilly, VA
