The Kenjya-Trusant Group is seeking a Vulnerability Assessment & Analysis Specialist to support a Government contract in the Annapolis Junction, MD area.
THIS POSITION IS CONTINGENT UPON CONTRACT AWARD
SECURITY REQUIREMENT: TS/SCI w/Full Scope Poly
- Performs ongoing, comprehensive vulnerability assessments of network cybersecurity risks to enable risk management and mitigation activities.
- Monitors the adequacy of cybersecurity measures for information systems and reports vulnerability findings to CSSP Watch leadership.
- Utilizes vulnerability data sources such as network discovery, network and host vulnerability scanning, penetration testing, operational exercise data, and compliance inspection reports.
- Assesses asset conformity to specified security requirements. Identifies security vulnerabilities and exposures.
- Knowledge of Common Vulnerabilities and Exposures (CVEs), cyber threats, and vulnerability mitigation strategies.
- Conduct research and analysis to stay up to date with current vulnerabilities, provide detailed risk analysis and potential impact.
- Utilize multiple data sources to determine a vulnerability’s security impact on the enterprise.
- Analyze, assess, compile, and prioritize vulnerabilities to document and communicate mitigation recommendations.
- Communicate written and verbal information in a timely, clear, and concise manner.
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Understand network security architecture concepts such as topology and protocols.
- Understand what constitutes network risk, cyberattacks, and the relationship between threats and vulnerabilities.
- Analyze vulnerability scans.
- Recognize security implications of vulnerabilities and assess within the context of the risk management process.
- Utilize analysis tools, such as Verodin, Nessus, or RedSeal, to identify vulnerabilities.
- Write comprehensive risk assessments on vulnerability impacts.
- Utilize automated and manual testing methods to validate the vulnerability testing methods; discover inadequate security practices.
- Identify secondary effects of vulnerabilities and exposures, as well as the impact of the mitigations applied to them.
- Perform after-action reviews of team products to ensure completion of analysis.
- Lead and mentor team members as a technical expert.
- Four (4) years of demonstrated experience as a VAA in programs and contracts of similar scope, type, and complexity is required.
- One (1) year of demonstrated experience in technical reporting.
- One (1) year of demonstrated experience in network and threat analysis.
- A technical bachelor’s degree from an accredited college or university may be substituted for two (2) years of VAA experience on projects of similar scope, type, and complexity.
- Requires DoD 8570 compliance Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification. The CE certification requirements can be fulfilled with either Microsoft OS, Cent OS/Red Hat OS CE certifications.
- Requires successful completion of the Splunk software training course "Fundamentals 1"
THE KENJYA-TRUSANT GROUP, LLC is a Service-Disabled Veteran-Owned Small Business that was established in 2015 as a merger between The Kenjya Group, Inc. and Trusant Technologies, LLC. Our mission is to implement, support and protect the nation’s advanced technology systems, business processes and high-technology facilities. Working with the Department of Defense, Department of Homeland Security, the Intelligence Community, state and local governments, and commercial clients, Kenjya-Trusant provides cyber protection, information technology, engineering, construction management and acquisition support services. We are a small company with big company benefits, including Health, Dental, Vision, 401K, Bonus Potential, Flexible Spending Account, Life Insurance, Short- and Long-Term Disability, Paid Time Off, and a culture of teamwork and continuous learning. Come grow with us!