Candidate will serve as a Vulnerability Management Support Analyst. The Vulnerability Management Support Analyst Group (VMSAG) is dedicated remediation-focused group for “HIGHLY” vulnerable systems. The group identifies, remediates, and tracks systems with high quantities of unresolved Information Assurance Vulnerabilities (IAV). The candidate will be part of an IA engineering group responsible for identifying systems with a high density of unresolved IAVs, that tracts and brings into compliance High Interest IAVs for the United States Army Corps of Engineers and addresses security issues caused by problematic software. The candidate will work on a list of known system and security tool configuration issues that may be contributing to the target system’s non-compliance. Be responsible for remotely connecting to high vulnerability density workstations, through remote access capabilities, remediation of vulnerability findings and resolve any contributing system related issues. Work with Operations staff to isolate the root causes and sources for non-compliance and assist them in implementing remedial action. Telework allowed as approved by the manager.
- Ensure that “highly” vulnerable systems are 0-3% of total population
- Remedy Support Group
- Interface with end users, IA Teams, and Operation Support Teams
- Utilize SCCM Client Health tool and Windows Management Interface (WMI) focused command line scripts
- SCCM Clients not reporting in 21 days
- Initial focus is countering SCCM Client Health issues
- Analyze vulnerability assessment data to identify technical risks to the organization
- Conduct analysis and aggregation of vulnerability data from various sources
- Continue self-development of knowledge, skills and abilities to better support execution of the Information Security (IS) function.
Bachelor's degree in IT Security related field or Associates Degree with two years equivalent experience. Experience in enterprise programming languages and common scripting languages are a plus. Understanding of Windows-based operating systems and the patching process is required.
• Familiarity with ACAS reporting and Nessus scan data
• Scripting experience/knowledge (bash, PowerShell, VB, etc.)
• Basic understanding of network protocols
• Good Analytical skill set (Root Cause Analysis, analyzing scan data)
• Knowledge of Incident Response procedures, forensics
• Knowledge of how to create or apply GPOs (either local or domain)
• Know different Microsoft patching processes and how they work
• Operating System knowledge and/or certifications
• IAT Level III Certification required
Bachelor’s degree in Computer Science or related discipline, or equivalent combination of education and experience in information security in a large, highly-regulated enterprise.
• Prior experience supporting/working with the U.S. Army Corps of Engineers
• Experience with DISA STIGs
• Experience with USCybercom IAVM program
• Experience with IonIA reporting
• Experience running and managing vulnerability assessment tools
• Excellent verbal and writing skills and the ability to write clear and concise assessment reports.
• Be able to execute in a high-pressure environment with tight timeframes
• Prior experience executing vulnerability assessment activities
• Technical security certifications preferred, such as GPEN, CISM, and/or CISSP
• Displays a proven track record in executing vulnerability assessment activities
External Referral Bonus:Ineligible
Potential for Telework:No
Clearance Level Required:Secret
Travel:Yes, 10% of the time
Scheduled Weekly Hours:40
Job Family:Cyber Security
Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.19 billion for the fiscal year ended December 28, 2018. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Securing Your Data
Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to firstname.lastname@example.org.
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.