Vulnerability Analyst (Remote)

Oxley Enterprises®, Inc.

$90K — $118K *
US-AnywhereRemote in Stafford, VA
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of experience in vulnerability management or security scanning
  • Bachelor's Degree in cybersecurity, information technology, or related field
  • CompTIA Security+ or GIAC Enterprise Vulnerability Assessor (GEVA) preferred
  • Expertise with vulnerability scanning tools like Nessus
  • Exceptional documentation and reporting skills
  • Strong knowledge of Continuous Monitoring security reporting tools
  • Experience supporting federal agency security initiatives

Responsibilities

  • Conduct ad-hoc, prescribed, and recurring vulnerability scans
  • Report scan results and findings to Operations and Engineering teams
  • Manage patches, configuration changes, and corrective actions
  • Document and report findings per VA RMF and POA&M processes
  • Maintain Continuous Monitoring system security reporting tools
  • Track and ensure remediation of identified vulnerabilities on schedule
  • Support penetration testing and independent security assessments

Benefits

  • Comprehensive medical, dental, vision, and prescription drug coverage for employees and their families
  • Company-funded life insurance and disability coverage
  • Optional supplemental insurance for accident and critical illness
  • Additional life insurance options for dependents
  • 401k retirement plan with multiple options for savings
Full Job Description
The following states/districts are excluded from this job ad: AK, CA, CO, CT, DC, HI, LA, MA, MN, MO, NE, NV, NH, NJ, NM, NY, ND, OR, PR, RI, VT, WA, WY

Future Need - Actively Interviewing

Location: Remote in any United States jurisdiction not excluded from this job advertisement.

Defend the security posture of a mission-critical Department of Veterans Affairs (VA) cloud platform. As a Vulnerability Analyst, you will conduct continuous vulnerability scanning across hundreds of applications and drive remediation within defined timelines on Amazon Web Services (AWS) GovCloud.

Position Description: The Vulnerability Analyst conducts ad-hoc, prescribed, and recurring vulnerability scans across infrastructure, containers, applications, and code repositories, coordinating remediation with Operations and Engineering teams.

Minimum/General Experience: 5 years of experience in vulnerability management or security scanning

Minimum Education: Bachelor's Degree in cybersecurity, information technology, or related field; CompTIA Security+ or Global Information Assurance Certification (GIAC) Enterprise Vulnerability Assessor (GEVA) (preferred)

Essential Skills/Qualifications:
  • Expert experience conducting ad-hoc, prescribed, and recurring vulnerability scans using Nessus or equivalent scanning tools
  • Expert ability to document and report scan findings in accordance with established processes
  • Excellent experience supporting routine vulnerability scanning of infrastructure, containers, applications, and code repositories
  • Excellent ability to track, report, and ensure remediation of vulnerabilities
  • Excellent knowledge of Continuous Monitoring system security reporting tools
  • Above average ability to support penetration testing, red team activities, and independent security assessments
  • Above average experience validating security control effectiveness through automated testing and configuration validation
  • Experience supporting a federal agency
  • Excellent verbal and written communication skills

General Physical Requirements needed to perform the essential functions of this job may vary based on the location of the assignment.
  • Assignment Location - Remote
  • Sedentary Work - Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects.
  • Typing, communicating, repetitive motions.
  • Close visual acuity to prepare and analyze data, view computer monitors and read. May need to view presentation screens and other visual aids in a virtual setting.
  • Inside environmental conditions with protection from outside elements.

Security: Active Federal Civilian Public Trust clearance
  • U.S. Citizenship or Permanent Resident that has lived in the United States for at least 3 years

Federal Civilian Public Trust Consists of a review of up to but not limited to:
  • Covers 10 year period and in some instances lifetime events
  • OPM Security Investigations Index (SII)
  • DOD Defense Central Investigations Index (DCII)
  • National Agency Check (NAC) records
  • FBI name check
  • FBI fingerprint check
  • Credit report check
  • Written inquiries to previous employers and references listed on the application for employment
  • Potential interviews with the subject, spouse, neighbors, supervisor, coworkers
  • Law enforcement check
  • Court records check
  • Education check - Attendance and Degrees


Tasks/activities include, but are not limited to:
  • Conducts ad-hoc, prescribed, and recurring vulnerability scans for platform and all hosted applications
  • Reports scan results to Operations and Engineering team members
  • Conducts patch management, configuration changes, corrective actions, or Plan of Action and Milestones (POA&M) creation
  • Documents and reports scan findings in accordance with VA RMF and POA&M processes including uploading scan results to the appropriate scan repository
  • Performs upkeep of the Continuous Monitoring system security reporting tool and provides high-level reporting to portfolio Information System Owners
  • Ensures routine vulnerability scanning of infrastructure, containers, applications, and code repositories across production, staging, and sandbox environments
  • Tracks, reports, and ensures remediation of vulnerabilities within defined timelines coordinating with Operations and Engineering teams
  • Supports penetration testing, red team activities, and independent security assessments as required
  • Validates security control effectiveness through automated testing, configuration validation, and periodic assessments
  • Contributes vulnerability remediation status summaries to the monthly RMF, security, and Authorization to Operate (ATO) status report

Compensation & Benefits: The annual projected pay range for this position is $90,897 - $118,016 with consideration being given to various factors including but not limited to qualifications, experience, job responsibilities, and geographic location.

Oxley Enterprises, Inc. offers a full array of benefits including:
  • Medical, dental, vision and prescription drug coverage for you and your family.
  • Life Insurance, short-term disability and long-term disability paid for by the Company.
  • Supplemental coverages including Accident, Critical Illness, and Hospital.
  • Additional Life insurance coverage for you and your dependents.
  • 401k plan with various options to select based on your retirement goals.

Similar Jobs

More Jobs at Oxley Enterprises®, Inc.

More Information Technology Jobs

Find similar Vulnerability Analyst (Remote) jobs: