Vulnerability Assessor Level 2 with Security Clearance

Job Duties * Performs ongoing, comprehensive vulnerability assessments of network cybersecurity risks to enable risk management and mitigation activities.* Monitors the adequacy of cybersecurity measures for information systems and reports vulnerability findings to CSSP Watch leadership. * Utilizes vulnerability data sources such as network discovery, network and host vulnerability scanning, penetration testing, operational exercise data, and compliance inspection reports. * Assesses asset conformity to specified security requirements. * Identifies security vulnerabilities and exposures.Required Skills: * US Citizens Only* Active TS/SCI Clearance and Polygraph required* Minimum of four (4) years of demonstrated experience as a VA in programs and contracts of similar scope, type, and complexity is required.* A technical bachelor''s degree from an accredited college or university may be substituted for two (2) years of VA experience on projects of similar scope, type, and complexity.* Requires DoD 8570 compliance with CSSP Analyst baseline certification, Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification. The CE certification requirements can be fulfilled with either Microsoft OS, Cent OS/Red Hat OS CE certifications. * Requires successful completion of the Splunk software training course ''Fundamentals 1''* One (1) year of demonstrated experience in technical reporting.* One (1) year of demonstrated experience in network and threat analysis.* Knowledge of Common Vulnerabilities and Exposures (CVEs), cyber threats, and vulnerability mitigation strategies.* Conduct research and analysis to stay up to date with current vulnerabilities, provide detailed risk analysis and potential impact.* Utilize multiple data sources to determine a vulnerability''s security impact on the enterprise.* Analyze, assess, compile, and prioritize vulnerabilities to document and communicate mitigation recommendations.* Communicate written and verbal information in a timely, clear, and concise manner.* Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).* Understand network security architecture concepts such as topology and protocols.* Understand what constitutes network risk, cyberattacks, and the relationship between threats and vulnerabilities.* Analyze vulnerability scans.* Recognize security implications of vulnerabilities and assess within the context of the risk management process.* Utilize analysis tools, such as Verodin, Nessus, or RedSeal, to identify vulnerabilities.* Write comprehensive risk assessments on vulnerability impacts.* Utilize automated and manual testing methods to validate the vulnerability testing methods; discover inadequate security practices.* Identify secondary effects of vulnerabilities and exposures, as well as the impact of the mitigations applied to them.* Perform after-action reviews of team products to ensure completion of analysis.* Lead and mentor team members as a technical expert.

Created: 2025-11-15