TCW - Vulnerability Assessor II (Texas)
Apply for this position: Send a Microsoft Word copy of your resume to: HR@zavda.com
Clearance: TS/SCI with Polygraph
Zavda was founded in 2006 and is a SDB certified, Service Disabled Veteran owned, and Woman owned small business that offers leading IT management, Intel, and Cyber opportunities in both the private and public sector. Zavda is looking for a Vulnerability Assessor.
Job Description:
The Vulnerability Assessor performs ongoing, comprehensive vulnerability assessments of network cybersecurity risks to enable risk management and mitigation activities. Monitors the adequacy of cybersecurity measures for information systems and reports vulnerability findings to CSSP Watch leadership. Utilizes vulnerability data sources such as network discovery, network and host vulnerability scanning, penetration testing, operational exercise data, and compliance inspection reports. Assesses asset conformity to specified security requirements. Identifies security vulnerabilities and exposures.
Required:
- Knowledge of Common Vulnerabilities and Exposures (CVEs), cyber threats, and vulnerability mitigation strategies.
- Conduct research and analysis to stay up to date with current vulnerabilities, provide detailed risk analysis and potential impact.
- Utilize multiple data sources to determine a vulnerability’s security impact on the enterprise.
- Analyze, assess, compile, and prioritize vulnerabilities to document and communicate mitigation recommendations.
- Communicate written and verbal information in a timely, clear, and concise manner.
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Understand network security architecture concepts such as topology and protocols.
- Understand what constitutes network risk, cyberattacks, and the relationship between threats and vulnerabilities.
- Analyze vulnerability scans.
- Recognize security implications of vulnerabilities and assess within the context of the risk management process.
- Utilize analysis tools, such as Verodin, Nessus, or RedSeal, to identify vulnerabilities.
- Write comprehensive risk assessments on vulnerability impacts.
- Utilize automated and manual testing methods to validate the vulnerability testing methods; discover inadequate security practices.
- Identify secondary effects of vulnerabilities and exposures, as well as the impact of the mitigations applied to them.
- Perform after-action reviews of team products to ensure completion of analysis.
- Lead and mentor team members as a technical expert.
Education / Experience:
- Four (4) years of demonstrated experience as a VAA in programs and contracts of similar scope, type, and complexity is required.
- One (1) year of demonstrated experience in technical reporting.
- One (1) year of demonstrated experience in network and threat analysis.
- Requires DoD 8570 compliance with CSSP Analyst baseline certification. (ie- CEH, CFR, CCNA Cyber Ops, CCNS-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, PenTest+). Any of the listed certs meet this requirement.
- Information Assurance Technical (IAT) Level I or Level II certification. (ie- A+, CCNA-Security, CND, Network+, SSCP, CySA+, GICSP, GSEC, or Security+). Any of the listed certs meet this requirement.
- Computing Environment (CE) certification.
- Requires successful completion of the Splunk software training course "Fundamentals 1"
Equivalent: The CE certification requirements can be fulfilled with either Microsoft OS, Cent OS/Red Hat OS CE certifications. A technical bachelor’s degree from an accredited college or university may be substituted for two (2) years of VAA experience on projects of similar scope, type, and complexity.
Job Location:
Work Schedule: 12-hour shifts, on a Panama Shift Cycle (some nights and weekends will be required)