Full Time Employee
Fort George G Meade
Information Vulnerability Management Analyst (Job Number:409985)
SAIC currently has a contingency position for a Information Vulnerability Managerment Analyst to support the United States Cyber Command (USCYBERCOM) at Fort Meade, Maryland.
The Information Assurance Vulnerability Management (IAVM) Program supports secure cyberspace operations through the identification and analysis of disclosed vulnerabilities to determine their operational impact to the DODIN. Vulnerabilities found to pose a significant risk to the DODIN are addressed by the IAVM Program through dissemination of IAVM Directives (Information Assurance Vulnerability Alerts (IAVA) and Information Assurance Vulnerability Bulletins (IAVB) mandating DODIN-wide implementation of mitigation or remediation actions. This task area requires technical knowledge in computer network theory, IT standards and protocols, as well as an understanding of the lifecycle of cyberspace threats, attack vectors, and methods of exploitation.
Daily activities include:
• Identify and draft mitigation guidance for vulnerabilities with no vendor- provided remediation
• Establish communications with vendors for the release of newly identified vulnerabilities to ensure they understand specialized and proprietary DODIN asset requirements
• Analyze publicly disclosed vulnerabilities of vendor software/hardware products and develop the mitigation/remediation orders
• Compile daily, weekly, monthly and annual vulnerability metrics associated with affected and non-compliant DoD assets
• Utilize tracking tools/capabilities in a vulnerability management system to review manually uploaded and automated information from DoD component to report vulnerability orders and directives compliance
• Develop, coordinate, and maintain accurate USCYBERCOM orders and directives
• Create situational awareness products to provide USCYBERCOM leadership and DoD components with detailed information related to vulnerabilities and appropriate mitigation strategies
• Identify, analyze, and develop mitigation or remediation actions for system and network vulnerabilities
• Assist with the prioritization of newly identified software/hardware vulnerabilities based upon severity, potential operational impact, exploitation, and other factors to assess risk to DODIN assets
• Conduct open source research to identify and analyze known and unknown vulnerabilities
• Analyze known issues affecting DoD components with vendor provided fixes and contact the appropriate vendor for a defined and attainable solution
• Collaborate and coordinate with DISA Field Security Office (FSO), DoD CC/S/A/FA, Intelligence Agencies, Law Enforcement (LE), and U.S. Government organizations
• Track and provide threat notification to DoD components of vulnerabilities, exploits, propagation of worms, and virus migration
• Develop, document, and convey IAVM operational requirements to enhance capabilities to identify, track, and remediate system and network vulnerabilities as well as automated vulnerability management capability
• Monitor the progress of and collaborate with internal and external organizations to ensure IAVM operational requirements are fulfilled
• Analyze, brief and develop reports on new and existing adversary TTPs.
- Minimum five (5) years of experience with cybersecurity or information assurance.
- Creation and dissemination of orders and directives to provide guidance to the DoD community.
- Staff experience researching and writing white papers, compliance reports and assessment reports in support of activities for defining policy.
- Ability to develop briefing materials, administrative, and logistics support.
-Excellent writing skills and ability to communicate effectively, including public speaking, and briefing senior officers.
-Proficiency in the use of Microsoft Office Suite.
- Vulnerability Management
- Nessus Vulnerability Scanner
- DIACAP Experience
- Microsoft Server or Red Hat Linux Enterprise Server
- Bachelor’s Degree or higher from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline
- Master’s Degree may be substituted for two (2) years of relevant experience
- DoD 8570 Level II Information Assurance Certification is required
TRAVEL AND SECURITY: CONUS/OCONUS; TS/SCI with Polygraph
SAIC Overview:SAIC is a leading provider of technical, engineering and enterprise information technology services to the U.S. government. Our 13,000 employees deliver systems engineering and information technology offerings for large, complex government programs, as well as a broad range of higher-end, differentiated technology services. The company is headquartered in McLean, Va. For more information, visit www.saic.com.
EOE AA M/F/Vet/Disability
Job Posting: Aug 23, 2016, 8:32:46 PM
Primary Location: United States-MD-FORT GEORGE G MEADE
Clearance Level Must Currently Possess: Top Secret/SCI with Polygraph
Clearance Level Must Be Able to Obtain: None
Potential for Teleworking: No
Shift: Day Job
To apply for this job, contact: