Cybersecurity Vulnerability Management Analyst - ACAS Reviewer

Unclassified - Reston, VA

posted 4 months ago

Full-time - Mid Level
Reston, VA

About the position

As a Cybersecurity Vulnerability Management Analyst - ACAS Reviewer at Apavo Corp, you will be at the forefront of cybersecurity, safeguarding mission-critical systems for military, defense, and critical infrastructure industries. This on-site role requires a Top Secret/SCI clearance with a CI Polygraph and involves evaluating the cybersecurity posture of enterprise environments across the Intelligence Community (IC). You will conduct comprehensive assessments using automated tools such as Tenable, Nessus, and Qualys, ensuring compliance with cybersecurity standards and regulations. Your work will be crucial in mitigating risks and addressing vulnerabilities within any enterprise, as Apavo is committed to providing holistic cybersecurity solutions that evolve with the changing cyber landscape. In this position, you will be responsible for managing project artifacts for various projects, including project plans, scoping documents, and weekly status updates. You will interact with leadership and technical staff to facilitate scoping and data collection for security controls assessments. Your role will also involve interviewing subject matter experts and collecting data to review a comprehensive Threat Informed Critical Controls List (TICCL). You will participate in planning, executing, and reporting on security audits and network vulnerability assessments, and assist in preparing assessment deliverables such as Security Risk Assessments and compliance data. The Expert Cybersecurity Vulnerability Manager (ACAS Reviewer) will conduct ACAS reviews using the DISA ACAS Best Practice Guide and IC CIO 2018-051 Vulnerability Management TIG checklists. This includes working with system administrators to verify scan policies, troubleshooting coverage challenges across various technologies, and consolidating reports on the organization's enterprise. You will validate scanning configurations, conduct compliance scans, and provide input to written reports on compliance and associated risks. Your attention to detail and advanced writing skills will be essential in coordinating multiple viewpoints into cohesive documents, ensuring that all findings are accurately reported and communicated.

Responsibilities

  • Evaluate the cybersecurity posture of enterprise environments across the Intelligence Community (IC).
  • Conduct comprehensive assessments using automated tools such as Tenable, Nessus, and Qualys.
  • Accountability for all project management artifacts for a select number of projects, including project plans and weekly status updates.
  • Interact with leadership and site technical staff to facilitate scoping and data collection for security controls assessments.
  • Interview organizational subject matter experts in conducting STIG, TIG, SRG, and IC policy checklists.
  • Collect data in support of reviewing a comprehensive Threat Informed Critical Controls List (TICCL).
  • Participate in the planning, execution, and reporting of security audits and network vulnerability assessments with minimal supervision.
  • Assist in preparation of assessment deliverables such as Security Risk Assessments and compliance data.
  • Communicate the impact of vulnerabilities verbally and through written deliverables.
  • Plan, execute, and report on IT, privacy, and operational reviews to identify risks.

Requirements

  • 12 years of experience or equivalent combination of education, professional training, or work experience.
  • DoD 8570 IAT III level certification is required.
  • Minimum five (5) years of experience in system administration, specifically with ACAS platforms such as Tenable, Nessus, and Qualys.
  • Minimum ten (10) years of experience in Cyber/Information Assurance with a strong understanding of cybersecurity disciplines and frameworks.
  • Strong independent work ethic and exceptional oral and written communication skills.
  • Bachelor's degree in Computer Science or a related technical discipline.

Nice-to-haves

  • Technical proficiency in engineering and operations of enterprise Vulnerability Scanning platforms.
  • Advanced skills in vulnerability assessment and reporting tools such as Tenable, Splunk, and Tableau.
  • Demonstrated ability to collaborate across departments to implement cybersecurity principles effectively.
  • Strong multitasking and time management skills with a comprehensive understanding of cyber threats and vulnerabilities.

Benefits

  • Competitive salary
  • Health insurance
  • 401k plan with matching contributions
  • Paid time off and holidays
  • Professional development opportunities
  • Flexible work environment
  • Employee assistance programs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service