Cyber Vulnerability Analyst / Mostly Remote

Job Description

THIS IS A HYBRID-REMOTE POSITION.

In its majority, work will be performed remotely, from the employee's place of residence. Pre-planned travel to Oak Ridge, Tennessee, or Amarillo, Texas, for on-site interaction, support, and inspections will be required up to 15% of the time.

This position requires a current DOE Q or DoD Top Secret / SCI security clearance.

Global Engineering and Technology (GET) is seeking qualified applicants for Vulnerability Analyst in support of the United States Department of Energy's cybersecurity program. This is a highly compensated, high-responsibility technical security position that is central to our mission's success. The Vulnerability Analyst performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.

COMPENSATION RANGE: $130,000-140,000/year (depending on qualifications and experience)

Duties & Responsibilities:

Measures effectiveness of defense-in-depth architecture against known vulnerabilities.

Carries out technical evaluations of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications) as well as non-technical assessments of people and operations to assess risks and vulnerabilities.

Reviews continuous audit and vulnerability assessment data and collaborates with the threat intelligence section to prioritize and manage patch updates based on the risk and impact within the environment.

Conducts necessary reviews in the given environment, such as Technical Surveillance Countermeasure Reviews (TSCM), and TEMPEST countermeasure reviews.

Requirements

Security Clearance:This position requires a current DOE Q or DoD Top Secret / SCI security clearance.

Required Education and Experience (as demonstrated by technical expertise and certification, where applicable):

Associate's degree with 10+ years, or Bachelor's degree with 5+ years of related cybersecurity experience, including at least 5 years performing hands-on vulnerability analysis security work, and assessing security posture based on required cybersecurity principles (directly relevant advanced degrees may be considered partly in lieu of direct experience).

Required Knowledge, Skillset, and Abilities (KSAs):

This position requires senior-level experience as a Vulnerability Analyst.

Knowledge of risk management processes

Knowledge of cyber threats and vulnerabilities

Knowledge of application vulnerabilities

Knowledge of host/network access control

Knowledge of cybersecurity and privacy principles and organizational requirements (related to confidentiality, integrity, availability, authentication, non-repudiation)

Knowledge of network access, identity, and access management

Knowledge of network traffic flow

Knowledge of system and application security threats and vulnerabilities

Knowledge of different types of attacks

Knowledge of ethical hacking principles and techniques

Knowledge of network protocols

Ability to conduct vulnerability scans and identify security system vulnerabilities

Ability to assess the strength of security systems and designs

Ability to use network analysis tools to detect vulnerabilities

Ability to review logs to find evidence of past intrusions

Ability to conduct application vulnerability assessments

Ability to gain insights about an organization's threat environment

Ability to identify systemic security issues based on vulnerability and configuration data analysis

Ability to provide meaningful insights about an organization's threat environment to enhance its risk management approach

Ability to apply cybersecurity and privacy principles to meet organizational requirements (related to confidentiality, integrity, availability, authentication, non-repudiation)

Benefits

Benefits include:

Medical plan options with UnitedHealthcare

Dental Insurance

Long-term and Short-term Disability Insurance

Life Insurance

AD&D Insurance

Generous 401(k) Match

All benefits are effective on day one of employment.

Global Engineering & Technology, Inc. is an equal opportunity employer and does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in provision of employment opportunities and benefits.