Tyto Athene is searching for a Senior Vulnerability Management Analyst to assist our law enforcement customer in the development and maintenance of the full lifecycle of vulnerability management services from discovery, triage, advising, remediation, and validation. This is an on-site role with expectations of being on the client site in Alexandria, VA five days a week.
Responsibilities:
Support the development and maintenance of vulnerability management services, including vulnerability scanning, vulnerability assessments, and providing advisory and tracking support for vulnerability remediation
Operate and configure agency tools used for vulnerability testing and identification
Review agency vulnerability management plans/policies and update documents as needed
Coordinate with customers regarding scanning schedule and scope
Review, analyze, validate, and report on vulnerability scan results
Develop and disseminate operational and executive-level reports on vulnerability status to stakeholders involved in remediating vulnerabilities
Work with stakeholders as necessary to develop vulnerability remediation strategies and track status
Identify areas for improvement and/or efficiencies including processes, tools, and templates; Identify relevant metrics
Develop processes and document procedures in a Standard Operating Procedures (SOP) format for use by other team members and to enhance efficiencies
Coordinate with other teams, including ISSOs and penetration testers to share information as needed
Opportunity to perform security testing activities, such as penetration testing and application/vulnerability assessment
Required:
Bachelor's Degree or an equivalent combination of formal education and experience
Eight (8) years of general experience and six (6) years of relevant functional experience
Minimum six (6) years of developing, maintaining, and assessing Security Assessment & Authorization (SA&A) packages resulting in an authority to operate (ATO) for IT systems
Five (5) years of experience in vulnerability scanning & remediation
Experience conducting vulnerability scans, including configuration and use of tools such as Tenable Security Center and/or Qualys Knowledge of cybersecurity frameworks, controls and standards, and best practices (e.g., FISMA, ISO 27K, CMMC, NIST)
Knowledge of cloud and network security
Proven track record of identifying and recommending improvement initiatives
Excellent people skills and the ability to work both independently and in a team environment
Excellent communication skills, both written and verbal
Excellent organizational skills with the ability to multi-task and meet deadlines
Certifications:
CISSP Required
Desired:
Certified Authorization Professional (CAP) or Security+ desired
Experience executing security testing activities such as penetration testing and application/vulnerability assessments
Clearance:
Secret Clearance Required
Location:
This is an on-site role with expectations of being on the client site in Alexandria, VA five days a week.