IT Systems Analyst
Washington, DC 20002
The Vulnerability Analyst is responsible for providing vulnerability tracking and statuses to the Strategic Systems Programs (SSP) Command Information Officer (CIO) Primary duties include the following: Managing ACAS Security Center and Nessus scanners. Ensuring that all devices are scanned on a monthly basis and ACAS is up to date. Analyzing network vulnerability (ACAS) scans to validate and track Information Assurance Vulnerability Alerts/Bulletins (IAVA/B) notices, vendor vulnerabilities and configuration settings. Duties also include:
- coordinating with System and Network Administrators on mitigations and remediations.
- Evaluating vulnerabilities alongside system and network administrators to provide written plans when a system cannot meet deadlines for compliance.
- Maintaining a living Risk Assessment Report(RAR)/Plan of Action and Milestones(POA&M) of vulnerabilities for local and distributed sites. Report Vulnerability scans, IAVA/B compliance, Official Navy Orders, and other cyber directives to the Vulnerability Remediation Asset Manager (VRAM) along with approved mitigations.
- Assisting with Certification and Accreditation packages, Cyber security audit preparation, internal audits and documentation preparation and origination. Maintain the SSP Enterprise systems certification and accreditation (C&A) plans; C&A topologies; ports, protocol, and services lists; contingency plans, disaster recovery procedures, and incident response plans.
- Review security and data/logs to respond to security incidents on SSP Enterprise systems.
- Support the SSP IAM/ISSM in developing SSP Cyber security standards and policies. Provide technical guidance to the SSP IAM/ISSM, CIO, Cyber security Workgroup (CSWG), Program Managers (PMs), Program Management Officers (PMOs), FBM Partners, etc. On cyber security matters and initiatives, including researching new technologies to counter evolving threats.
- Active DoD security clearance required *ACAS knowledge *Vulnerability analysis *POA&M development *DISA STIGs *NIST Special Publications *Excellent verbal and written communication skills preferred.
- Experience with eMASS *Experience with information security best practices and security frameworks *Familiarity with network security tools and technologies including networking protocols *Experience developing policies, procedures, and technical training materials.
- Bachelor' s degree in Engineering, Information Systems, Computer Science or related field, preferred, but depending upon experience, will consider other degree disciplines and at least 2 years of professional work related experience. May also consider 7 years of related professional work experience in lieu of the degree. Experience must include at least 4 years experience supporting and/or maintaining information security technologies. *Must be able to meet Cyber workforce certification requirements within 6 months. *Knowledge and understanding of security technologies including intrusion detection/prevention systems, firewalls, vulnerability scanning, and data protection/encryption systems .
FOR IMMEDIATE CONSIDERATION CONTACT A RECRUITER AT: 844-428-1461
OR EMAIL YOUR RESUME TO: Marketing@nsc-tech.Com
At NSC Technologies, LLC our company culture is strong! You work hard for us and in return we want to provide you with as many benefits and resources as we can:
- Competitive pay
- Medical Coverage
- Long Term Opportunities
- Direct deposit or Global Cash Card
- Employee Assistance Program (EAP)
- Training and Career Growth Opportunities
- The chance to be a part of an amazing team
NSC Technologies is committed to connecting good people with good jobs!
NSC is an innovative staffing firm that specializes in placing qualified skilled, technical and professional talent in virtually any market. Our meticulous dedication to Quality and Safety is a testament to our success. We are The Staffing Experts!
NSC Technologies is a drug free company. NSC is an EOE AA/M/F/VHo/D.