The Defense Group of Leidos has an opening for a Cyber Vulnerability Management Compliance Analyst supporting the Global Information Grid (GIG) Service Management-Operations (GSM-O) contract at Ft. Meade, MD.
The Cyber Vulnerability Management Compliance Analyst will track the DODIN vulnerability management operations, interface with Combatant Commands, Services, Agencies and Field Activities to compile statistics and generate reports on compliance levels and will alert JFHQ-DODIN leadership to negative trending and systematic issues.
The candidate will support GSMO Task Order 30
- Communicate (written and oral) with CC/S/A/FAs concerning CVM compliance status including their current status, POA&M, technical requirements for their systems, policy and program details and changes.
- Utilize a vulnerability management system and any follow-on systems to properly upload information, generate reports, and review POA&M for vulnerability compliance tracking.
- Provide compliance information, as directed, to the various JFHQ-DODIN directorates to support operations.
- Compile vulnerability compliance reports and briefings associated with affected and non-affected DoD assets to produce weekly, monthly, and annual reports/matrix/metrics including, but not limited to monthly POA&M audits and watch lists.
- Develop and provide technical review for CVM products including POA&M audits and incidents resulting from unmitigated vulnerabilities for Government review.
- Provide JFHQ-DODIN leadership information on CVM compliance. Develop, staff, and maintain accurate JFHQ-DODIN orders including but not limited to WARNORDs, OPORDs, TASKORDs, and FRAGOs.
- Be knowledgeable of current and planned CVM technologies and perform duties related to the CVM Program, HBSS, Continuous Monitoring and other automated technologies.
- Maintain CVM program, policy, and direct their implementation.
- Active DoD TS/SCI clearance and eligible for polygraph
- Bachelor's Degree + 4-8 years of related experience
- Previous tools experience working with ArcSight, Splunk, PCAP, JIMS or equivalent toolsets.
- Technical understanding in some of the following areas: network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication installation, or malware types), or intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch, or open source information collection)
- Experience in an Operations Center providing Senior Leaders specified reports based on information received from supporting units.
- Have working knowledge of threat and vulnerability analysis, routing protocols, routing, intrusion detection systems, intrusion protection systems, Domain Name Service, or network traffic analysis.
- Critical/logical thinking skills
- Experience working with the Intelligence Community and priority intelligence requirements
- Advanced communications and presentations skills (verbal and written) enabling precise conveyance of information across all CC/S/A/FA with command and proper enunciation of the English language
- DoD 8570 Requirements IAM Level III
- ITIL v3 Foundation certified
External Referral Eligible