Junior Cyber Security Scanning Engineer

• Use active vulnerability scanners to perform high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis of the enterprise security posture. Support full life-cycle vulnerability and configuration management. Communicate recommendations to the responsible parties, track remediation’s and verify security patches and required configurations. Scan the entire enterprise, to include DMZs, and physically separate networks
• Develop and maintain policy and SOP updates
• Analyze available security information including results of configuration compliance verification, vulnerability assessment, security and system patch information, field reports, OIG reports, and intelligence information to assess the status of remote organization’s cyber security posture
• Operate, maintain and configure the configuration compliance verification tool; apply regular updates from the vendor; provide operation, troubleshooting, training and helpdesk support
• Operate, maintain and configure the vulnerability assessment tool suite; apply regular updates from the vendor; provide operation, troubleshooting, training and helpdesk support
• Operate, maintain and configure the web security assessment tool suite; apply regular updates from the vendor; provide operation, troubleshooting, training and helpdesk support
• Maintain and operate all hardware supporting the configuration compliance verification and vulnerability assessment activities including system administration, configuration management, technical troubleshooting, backup/recovery, training and user support
• Develop configuration benchmarks and vulnerability checks based on established configuration standards and CVEs (Common Vulnerabilities and Exposures) using the Security Content Automation Protocol (SCAP)
• Perform liaison activities with other bureaus and offices
• Support incident response, threat analysis, forensics and penetration testing teams by performing on-demand and targeted vulnerability scans

Working knowledge of and experience in information systems methodology, policy, and standards environment of information security, especially in government is desirable. Excellent written and oral communications skills desired. Ability to work collaboratively with a broad range of constituencies essential. A demonstrated ability to work with diverse groups of people is required.

• Active Secret clearance required
• Technical knowledge of information technology and cyber security standards and issues is required for this position
• The CVE (Common Vulnerabilities and Exposures) standard
• Effective written and verbal communication skills
• Persistent and polite follow-up with clients in order to maintain project schedule
• Problem solving and attention to detail

• · Experience with current tools (McAfee ePolicy Orchestrator, Policy Auditor, Tanium, and Rapid 7 Nexpose vulnerability Scanner and App Spider – Web URL)
• Three years of experience in information security, information technology, or related field
• Experience performing vulnerability and/or compliance scanning in an enterprise network environment