Vulnerability Assessor Level 2

Job Duties

• Performs ongoing, comprehensive vulnerability assessments of network cybersecurity risks to enable risk management and mitigation activities.
• Monitors the adequacy of cybersecurity measures for information systems and reports vulnerability findings to CSSP Watch leadership.
• Utilizes vulnerability data sources such as network discovery, network and host vulnerability scanning, penetration testing, operational exercise data, and compliance inspection reports.
• Assesses asset conformity to specified security requirements.
• Identifies security vulnerabilities and exposures.

Required Skills:

• US Citizens Only
• Active TS/SCI Clearance and Polygraph required
• Minimum of four (4) years of demonstrated experience as a VA in programs and contracts of similar scope, type, and complexity is required.
• A technical bachelor’s degree from an accredited college or university may be substituted for two (2) years of VA experience on projects of similar scope, type, and complexity.
• One (1) year of demonstrated experience in technical reporting.
• One (1) year of demonstrated experience in network and threat analysis.
• Knowledge of Common Vulnerabilities and Exposures (CVEs), cyber threats, and vulnerability mitigation strategies.
• Conduct research and analysis to stay up to date with current vulnerabilities, provide detailed risk analysis and potential impact.
• Utilize multiple data sources to determine a vulnerability’s security impact on the enterprise.
• Analyze, assess, compile, and prioritize vulnerabilities to document and communicate mitigation recommendations.
• Communicate written and verbal information in a timely, clear, and concise manner.
• Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Understand network security architecture concepts such as topology and protocols.
• Understand what constitutes network risk, cyberattacks, and the relationship between threats and vulnerabilities.
• Analyze vulnerability scans.
• Recognize security implications of vulnerabilities and assess within the context of the risk management process.
• Utilize analysis tools, such as Verodin, Nessus, or RedSeal, to identify vulnerabilities.
• Write comprehensive risk assessments on vulnerability impacts.
• Utilize automated and manual testing methods to validate the vulnerability testing methods; discover inadequate security practices.
• Identify secondary effects of vulnerabilities and exposures, as well as the impact of the mitigations applied to them.
• Perform after-action reviews of team products to ensure completion of analysis.
• Lead and mentor team members as a technical expert