Vulnerability Management Analyst (VMA) - Information System Security Manager (ISSM) in Hurlburt Field at General Dynamics Information Technology

Date Posted: 3/6/2019

Job Description

The Vulnerability Management Analyst (VMA) - Information System Security Manager (ISSM) will work closely with the Cybersecurity Compliance Team to support multiple programs and Air Force and USSOCOM connected systems through the vulnerability management and Risk Management Framework (RMF) process. They will be responsible for maintaining configuration items and executing functions on the vulnerability management platform, which include, but are not limited to, ACAS and source code scans, STIG validation in support of DISA, DoD, USSOCOM, and USAF guidelines, and proactive vulnerability detection. They will be responsible for composing essential documentation (procedures, compliance and remediation reports, continuous monitoring, etc.), providing analysis and metrics on vulnerabilities, and driving remediation of vulnerabilities throughout the organization. The ideal candidate has a background in Systems Administration or Systems Engineering, has a strong systems security mindset, and is very detail-oriented with strong written and oral communication skills.

Knowledge, Skills and Abilities

  • 3+ Years of Information Security Experience, working with Vulnerability management tools
  • Demonstrated knowledge of Systems Administration/Engineering with proficiency in analyzing systems designs with a systems security mindset
  • Strong knowledge of threats and vulnerabilities associated with cloud and on-premise network security and Computer Network Defense
  • Demonstrated ability to work effectively in an ambiguous environment
  • Strong oral and written communications skills
  • Strong analytical and problem-solving skills and proactive thinking skills
  • High-level familiarity with Vulnerability Management tools such as ACAS, SCAP, STIG Viewer, Vulnerator and SCCM
  • Moderate to high-level familiarity with Cybersecurity tools such as Splunk, HBSS and SolarWinds
  • Ability to develop Compliance (Credentialed Scans, CVSS10, OS, HBSS, PKI, AV) and Continuous Monitoring (RMF Controls) reporting metrics and dashboards
  • Moderate to high-level familiarity with RMF input and validation tools such as eMASS and Xacta
  • Basic level familiarity with DoD, USAF, USSOCOM, and other Cyber Security Regulatory Compliance bodies
  • Ability to oversee and/or perform the development, maintenance, and continual improvement of the vulnerability management platform, processes, and technical assessment support
  • Ability to drive automation of vulnerability management platform and processes
  • Demonstrated understanding of infrastructure and cloud vulnerability scanning
  • Understanding of how to classify and prioritize the risk of new vulnerabilities based on the operating environment
  • Ability to develop and maintain metrics and reports on vulnerability findings and remediation compliance
  • Facilitate proactive remediation or mitigation of new vulnerabilities by collecting information from threat and vulnerability feeds, analyzing the impact/applicability to our environment and communicating applicable vulnerabilities and recommended remediation actions to the impacted teams
  • Provide technical support to system and technology owners to propose mitigation and remediation solutions
  • Assist with routine compliance and audit functions to ensure regulatory scanning requirements are satisfied
  • Document and report on processes and procedures
  • Provide input to leadership for enhancing the vulnerability management strategy
  • Stay current on security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats to the organization by attending conferences, networking with peers and other education opportunities
  • Sense of urgency to address new technologies being deployed: Continuous development of infrastructure and cloud vulnerability expertise to function as subject matter expert in multiple technical or business disciplines
  • A Cyber Security Team player contributing to policy development, RMF package accreditations, and TEMPEST (EMSEC) requirements

Job Requirements

  • 5+ years combined IT Systems and ISSM experience
  • Must have a Secret Clearance to begin work and the ability to obtain a Top Secret-SCI clearance
  • The work is performed in an office and lab environment
  • Must be able to obtain a passport for OCONUS travel, if required
  • Lift over 35 LBS

For more than 50 years, General Dynamics Information Technology has served as a trusted provider of information technology, systems engineering, training and professional services to customers across federal, state, and local governments, and in the commercial sector. Over 40,000 GDIT professionals deliver enterprise solutions, manage mission-critical IT programs and provide mission support services worldwide. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.