Vulnerability Assessment Analyst - Intermediate with ...
Excentium, Inc. - Springfield, VA
Job Description
Vulnerability Assessment Analyst - Intermediate

Excentium, Inc. is a Service-Disabled Veteran owned small business that provides Cyber Security Engineering, Information Assurance (IA), management, Certification and Accreditation (C&A), and other IT services to government and commercial organizations. We have an opportunity for a Vulnerability Assessment Analyst supporting our corporate needs in the Springfield, VA area.

MINIMUM CLEARANCE LEVEL: TS/SCI (CI Poly required)
CITIZENSHIP: US Citizenship
LOCATION: Springfield, VA

Position Description:

We are seeking a mission-focused Vulnerability Assessment Analyst to support and contribute to our government customer's success in Springfield, VA. The VAA will be a team member and part of an analysts' group that will conduct enterprise-level security assessments and penetration testing. To support this vital mission, you are on the forefront of providing Advanced CND Operations, and Systems Engineering support to include the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, threat analysis, continuous monitoring, vulnerability assessment, and penetration testing.

Candidates must have leadership experience, strong written and verbal communications skills, researching and analysis skills, and attention to detail. The ideal candidate will have a solid understanding of operating system and application vulnerabilities, with hands-on experience conducting enterprise-level vulnerability scans and network penetration testing. The individual in this position must be a motivated team player that strives for professional and technical excellence in Vulnerability Assessment Analysis. Will work with multidisciplinary teams across divisions to plan and deliver projects on time and within budget.

This position requires a strong Cybersecurity and leadership background, solid understanding of Cybersecurity methodologies, excellent client management skills, and experience in leading projects with cross-functional technical teams. Successful candidates must be action-oriented, with the ability to communicate clearly and effectively to executive, business, technical, and client audiences.

Responsibilities

* Performs assessments of systems and networks within the NE or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
* Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
* Conduct and/or support authorized penetration testing on enterprise network assets.
* Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
* Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
* Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
* Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
* Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
* Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes).
* Conduct vulnerability scans and recognize vulnerabilities in security systems.
* Assess the robustness of security systems and designs.
* Detect host and network-based intrusions via intrusion detection technologies (e.g., Snort).
* Mimic threat behaviors.
* Use of penetration testing tools and techniques.
* Skill in the use of social engineering techniques (e.g., phishing, baiting, tailgating, etc.).
* Using network analysis tools to identify vulnerabilities (e.g., fuzzing, Nmap, etc.).
* Reviewing logs to identify evidence of past intrusions.
* Conduct application vulnerability assessments.
* Perform impact/risk assessments.
* Develop insights about the context of an organization's threat environment.
* Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Qualifications

* Bachelor's Degree in Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering; or a degree in a Mathematics or Engineering field.
* Candidates must have a minimum of 6 years of experience.
* Qualified candidates must have one of the following IAT Level 2 certifications:
  * CCNA Security
  * CySA+
  * GICSP
  * GSEC
  * Security+ CE
  * CND
  * SSCP
  * CAP
  * CASP+ CE
  * CISM
  * CISSP (or Associate)
  * GSLC
  * CCISO
  * HCISPP

Excentium, Inc. is an equal opportunity employer. Excentium offers a competitive salary and comprehensive benefits package, including medical, dental, life, disability, 401k, and paid time off. We take pride in building a workforce with a strong Veterans focus.
Created: 2025-09-06