Job Summary: The Information Security Analyst, Vulnerability Assessment Analyst will provide service and operational support to all ACS Information Security Office service offerings and capabilities. The InfoSec Analyst will support project work upon request.
The Vulnerability Assessment Analyst will support the execution, planning, and administration of the Vulnerability Management function within Allegis Information Security. The Vulnerability Management Analyst executes core processes in the vulnerability management program focused on vulnerability assessments, penetration testing and social engineering. Additionally, they will support the remediation of vulnerabilities resident within Allegis systems to minimize the organizations potential attack surface for exploitation.
* Analyze vulnerability assessment data to identify technical risks to the organization
* Support the identification and impact classification for new vulnerabilities identified in the environment
* Execute and support vulnerability assessments, penetration testing and social engineering activities
* Provide TVM team information on the emerging cyber threat landscape, including threat actor tactics, techniques, and procedures
* Support leadership to identify capability gaps in vulnerability management services
* Conduct analysis and aggregation of vulnerability data from various Allegis sources
* Brief TVM leadership on vulnerability assessment results and potential risks
* Continue self-development of knowledge, skills and abilities to better support execution of the Information Security function
* Work incidents and requests from the Security ticket queue
* Handle security escalations, identify and resolve critical security events requiring additional/specific investigation, triage and mitigation
* Assist the Information Security, Legal and Compliance teams in the creation of procedures, technical documentation, and completion of project tasks as required
* Document and report assessment and incident findings to the TVM manager and ISO
* Collaborate with IS management, the corporate Legal department, safety and security, and law enforcement agencies to manage risks and security vulnerabilities
* Actively participate in the IT security community to stay abreast of current standards and best practices.
* Perform other related duties as assigned
Minimum Education and/or Experience:
* Bachelor's degree in the field of MIS, computer science, information systems or computer engineering or equivalent experience
* 5+ years of experience in vulnerability assessment
* Ideal candidates will hold one or more of the following certifications:
o GPEN, CISM, and/or CISSP
* Experience with Agile methodology a plus (ACP)
* Prior experience executing vulnerability assessment activities such as vulnerability scans, penetration tests, web application security assessments, and application security code reviews
* Displays a proven track record in executing vulnerability assessment activities
* Rapid7/NeXPOSE security scanning and management tools
* Incident and Problem management system support working with Security Operations Centers and SIEMS
* Basic understanding of Network, host, data, integration, and application access security in multiple operating system environments (Windows, Solaris, Linux, etc.)
* Basic understanding of Information Security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists
* Basic understanding of the Internet, application, server and network security technologies
* Basic understanding of network scanning and intrusion detection products
* Basic understanding of Data Loss Prevention and threat detection systems Basic understanding of Federal/International regulations related to information security (FISMA, Computer Security Act, Safe Harbor, HIPAA, etc.)
* Customer Service
* Building Relationships
* Business Knowledge / Organizational Acumen
* Self-Motivation/Self Starter
* Leading Self and Others
Since our company was founded in 1983, the Allegis Group Companies continue to be an organization of employees who are driven to succeed and motivated by a strong desire to serve others. We seek to understand our, customers', consultants' and contract employees' needs and challenges in order to fully meet and exceed their expectations. We provide opportunities for job seekers that align with their skill sets and career ambitions and match our customers' expectations. We constantly partner with our colleagues to further the overall objectives of the organization and we embrace opportunities to give back to the communities where we live and work.
The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.