Cybersecurity Vulnerability Analyst

About The Position

Requirements

• Minimum Associate's degree and 5+ years of experience; Minimum Bachelor’s degree and 3+ years of experience; OR Master’s Degree and 1+ year of experience; OR 0 years with PhD. Bachelor's or Master's degree must be one of the following fields: Information Technology, Cybersecurity, Computer Science, Information Systems, Data Science, or Software Engineering. In lieu of a degree in one of these fields, an additional 4 years of relevant experience or specialized training may be considered.
• Strong understanding of information security principles and practices
• Utilize MITRE ATT&CK, CVSS, and NIST frameworks to assess vulnerability severity and risk impact.
• Basic understanding of web exploitation concepts and techniques.
• Knowledge and understanding of the Open Web Application Security Project (OWASP) top 10.
• Experience operating in a professional IT or cybersecurity environment.
• Experience investigating security events, threats and/or vulnerabilities.
• Understand information security principles, technologies and practices.
• Excellent customer service skills.
• Active Security+ certification.
• Active Secret security clearance required.

Nice To Haves

• CEH, CCNA-Security, CySA+, OSCP (or equivalent), PenTest+ or similar certification a plus.
• Completed multiple Hack-The-Box penetration testing labs and challenges, developing hands-on expertise in vulnerability enumeration, exploitation, privilege escalation, and post-exploitation techniques within realistic, adversarial environments.

Responsibilities

• Reviewing and vetting security vulnerability reports submitted to the DoD VDP from outside hackers.
• Evaluating reports to ensure the vulnerability is reproducible.
• Assessing each vulnerability for severity and assigning an associated risk statement.
• Utilizing the HackerOne Triage console tool to assist in assigning and prioritizing reports.
• Identifying duplicate submissions.
• Writing valid reports in a DOD approved format.
• Serving as a VDP liaison with the hacker community.
• Utilizing offensive toolsets such as Kali Linux to safely analyze production networks and systems.
• Documenting steps and procedures to produce usable vulnerability assessments for the customer.
• Identifying and investigating vulnerabilities, asses exploit potential, and document findings and remedies for presentation to facilitate mitigations on customer systems.
• Conducting web application vulnerability assessment testing using both automated tools and manual web exploitation techniques, using tools such as Burp Suite and open-source toolsets.
• Utilizing a variety of industry standard security tools to conduct automated scans against systems and applications.
• Developing and executing proof-of-concept exploits to demonstrate the real-world impact of identified vulnerabilities, utilizing various web exploitation methods.