Information Systems Security Engineer (ISSE) - Vulnerability Analyst

STRWoburn, MA
1d$105,000 - $145,000Onsite
Match Resume

About The Position

About the Team: The Classified Cyber Security team at STR is comprised of highly skilled professionals who are responsible for maintaining compliance IAW with Government protocol and directives. The Classified Cybersecurity (CCS) team consists of a collaborative group of ISSM’s, ISSO’s, and ISSE’s who are passionate about national security that take great pride in maintaining confidentiality, integrity, and availability of our Information Systems and enable execution of STRs portfolio of programs across a vast customer base. The Role: STR has an exciting opportunity for a cybersecurity professional to join our established Cybersecurity/Risk Management Framework (RMF) program as a key contributor for classified programs. In this dynamic position, you will interface and collaborate with other Cybersecurity professionals (ISSMs, ISSOs, ISSEs), Security professionals (CPSOs, FSOs), and System Administrators from our Classified Information Technology (CIT) organization. The role will focus on Vulnerability Management across STR’s classified computer networks. This includes managing configuration changes to STR's baseline software and hardware, supporting security architecture improvements, and patch process for current and future technologies. The ideal candidate is expected to bring strong technical skills to enhance STR Vulnerability Management processes, along with a demonstrated eagerness to learn and develop within the classified lab ISSE function. Please note: This is an onsite role and does not offer remote or hybrid work options.

Requirements

  • Security Clearance: Active Secret security clearance with the ability and willingness to obtain Top Secret, SCI, and/or SAP access (U.S. citizenship required).
  • Experience: 2-3 years of hands-on technical experience in Information Assurance/Cyber Engineering or System Administration in the Defense Industrial Base (DIB)
  • Experience with Windows Server Update Services (WSUS) and Linux patching
  • Certification: Minimum of a DoD 8140/8570 IAT Level II certification (Security+) with the willingness and ability to obtain Level III (CISSP, CISM).
  • Knowledge: Knowledge of NIST SP800-53 control implementation and assessment, looking to learn and advance in Cybersecurity field.
  • Familiarity: Knowledge of the DCSA Authorization and Assessment Process Manual/Guide (DAAPM/DAAG) and the Joint Special Access Implementation Guide (JSIG).
  • Technical Skills: Configuration, certification, and auditing/analysis of Windows/Linux operating systems and system virtualization in peer-to-peer, LAN & WAN networks.
  • Using IA vulnerability/compliance scanning tools (e.g. NMap, ACAS, Nessus, Security Content Automation Protocol (SCAP)).
  • Familiarity with scripting in Windows (PowerShell) and Linux (Bash, Ansible) to enhance deployment of patches to systems.
  • Attributes: Excellent communication skills, detail-oriented, self-starter with a focus on understanding STR CCS and CIT processes and procedures.
  • A desire for continuous improvement while working in a team environment and the ability to handle multiple fast-changing priorities/projects effectively.
  • Well-organized, with the ability to track multiple issues and establish processes to assist the team in tracking items to closure.

Responsibilities

  • Review, track, and manage IA Vulnerability (IAVA) announcements (e.g., US-CERT, CISA, vendor alerts, etc.) applicable to STR’s classified networks, ensuring they are communicated to stakeholders and tracked to closure.
  • Perform vulnerability/compliance scanning and remediation tracking.
  • Perform monthly patch testing for all classified network supported operating systems, applications, and hardware (i.e. firmware, BIOS, appliances – switch, firewall, etc.).
  • Prepare System Impact Assessments from the monthly patch testing for communication to the Classified Network Enterprise Configuration Control Board.
  • Prepare and provide metrics on vulnerability status, patch compliance, and the overall risk posture of the various classified networks.
  • Proactively identify potential improvements to the patching processes primarily for 3 rd party vendors and firmware updates.
  • Assist ISSMs, ISSOs, ISSEs in monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities.
  • Conduct reviews and technical inspections to identify and mitigate potential security weaknesses, ensuring all security features are implemented and functional.
  • Support the completion of Continuous Monitoring requirements in accordance with RMF and NIST SP800-53 standards.
  • Perform other tasks as assigned by the manager.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Job Search Resources

Similar Information Systems Security Engineer (ISSE) - Vulnerability Analyst job opportunities

Information Systems Security Engineer (ISSE) - Vulnerability Analyst
STR
STR • Woburn, MA1d • $105,000 - $145,000 • Onsite
Information Systems Security Engineer (ISSE)
Astrion
Astrion • Biloxi, MS2d
Information Systems Security Engineer (ISSE)
Astrion
Astrion2d
Information Systems Security Engineer (ISSE)
Peraton
Peraton • Pope Field, NC12d • $80,000 - $128,000 • Onsite
Information Systems Security Engineer (ISSE)
Astrion
Astrion2d • Onsite
Information System Security Engineer (ISSE)
CommIT Enterprises
CommIT Enterprises • Stafford, VA6d
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service