DANASTAR is currently seeking an experienced Vulnerability Assessment Analysts to support one of our government clients. The ideal candidate will have hands-on experience with Vulnerability Assessment/Analysis using Qualys, and cybersecurity compliance in federal government organizations.
Required Qualifications:
In-depth understanding and hands-on experience with Qualys, to include scanning with Security Technical Information Guides (STIG) and CIS benchmarks
MS Excel pivot tables
A related industry certifications such as GIAC GEVA, CASP, CAP, CISSP, CISM, GSEC, GMON, Security+
7 years of experience in Information Assurance supporting federal government.
Bachelor's Degree in Computer Science, Computer Engineering, Information Systems or equivalent experience
Job Duties:
Leverage enterprise scanning applications or tools approved by the government to complete this task. The vulnerability management support will require the Contractor to provide routine and ad-hoc automated vulnerability scans, scans in support of audits, scan result analysis, and validation scans of remediated vulnerabilities identified during Vulnerability Assessment & Penetration Testing engagements.
Support vulnerability scans of information systems that are on-premises and hybrid cloud systems as necessary
Support scanning and testing at the application and database level and shall refine and mature scanning metrics and thresholds to positively affect program maturity
Work with system owners, system administrators and ISSOs to define the scope, develop a test plan, and rules of engagement as necessary
Analyze weekly DHS Cyber Hygiene reports, facilitate remediation of findings therein, and promote comprehensive scanning coverage of all Internet- reachable IT assets
Identify corrective actions, compensating controls, and assist with POA&M development in CSAM
Identify mitigations for non-compliance, notify stakeholders of compliance issues and, where required, perform these mitigations
Take into account any infrastructure challenges and make recommendations for improvements where needed. This includes third party service provider hosted Software as a Service (SaaS), Platform as a Service (PaaS) instances as well as Infrastructure as a Service (IaaS)
Provide expertise in the review of new vulnerability technologies and capabilities and shall interact with other technology divisions to facilitate deployment
DANASTAR offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k, vacation and all federal government holidays. DANASTAR is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and PUBLIC TRUST CLEARANCE REQUIRED.