Talent.com
Vulnerability Assessment Analyst
Vulnerability Assessment AnalystCalibre Inc • Springfield, VA, United States
Vulnerability Assessment Analyst

Vulnerability Assessment Analyst

Calibre Inc • Springfield, VA, United States
20 hours ago
Job type
  • Full-time
Job description

CALIBRE is an employee-owned mission focused solutions and digital transformation company. We are currently seeking a Vulnerability Assessment Analyst to support work we are doing in Springfield, VA. This position will be on site. This position performs assessments of systems and networks within the NE or enclave and identifies where those systems / networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.

Additional duties :

  • Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
  • Conduct and / or support authorized penetration testing on enterprise network assets.
  • Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
  • Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
  • Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies / solutions.
  • Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
  • Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network UNCLASSIFIED 96 UNCLASSIFIED and infrastructure, enclave boundary, supporting infrastructure, and applications).
  • Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).

Required Skills

  • Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • Skill in assessing the robustness of security systems and designs.
  • Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
  • Skill in mimicking threat behaviors.
  • Skill in the use of penetration testing tools and techniques.
  • Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
  • Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).
  • Skill in reviewing logs to identify evidence of past intrusions.
  • Skill in conducting application vulnerability assessments.
  • Skill in performing impact / risk assessments.
  • Skill to develop insights about the context of an organization’s threat environment
  • Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
  • Ability to apply programming language structures (e.g., source code review) and logic.
  • Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.
  • Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

    • Required Experience

  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Knowledge of cybersecurity and privacy principles.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of application vulnerabilities.
  • Knowledge of cryptography and cryptographic key management concepts
  • Knowledge of data backup and recovery.
  • Knowledge of host / network access control mechanisms (e.g., access control list, capabilities lists).
  • Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
  • Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • Knowledge of programming language structures and logic.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language / Structured Query Language [PL / SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Knowledge of systems diagnostic tools and fault identification techniques.
  • Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
  • Knowledge of interpreted and compiled computer languages.
  • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
  • Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
  • Knowledge of system administration, network, and operating system hardening techniques.
  • Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). K0179 : Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • Knowledge of ethical hacking principles and techniques. K0210 : Knowledge of data backup and restoration concepts.
  • Knowledge of system administration concepts for operating systems such as but not limited to Unix / Linux, IOS, Android, and Windows operating systems.
  • Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability.
  • Knowledge of an organization's information classification program and procedures for information compromise.
  • Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
  • Knowledge of cryptology.
  • Knowledge of network protocols such as TCP / IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. K0342 : Knowledge of penetration testing principles, tools, and techniques.
  • Knowledge of an organization’s threat environment.
  • Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

    • Must haves :

  • Current / Active TS / SCI security clearance
  • 4+ years experience
  • IAT Level 2 Certification (Comp TIA Security+ or CCNA or CISSP
  • Two Penetration Testing Certifications (e.g., GPEN, GWAT, GCIH, CEH, GPYC, LPT, CPT)

    • Qualifications :

  • Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • Skill in assessing the robustness of security systems and designs.
  • Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
  • Skill in mimicking threat behaviors.
  • Skill in the use of penetration testing tools and techniques.
  • Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
  • Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).
  • Skill in reviewing logs to identify evidence of past intrusions.
  • Skill in conducting application vulnerability assessments.
  • Skill in performing impact / risk assessments.
  • Skill to develop insights about the context of an organization’s threat environment
  • Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
  • Ability to apply programming language structures (e.g., source code review) and logic.
  • Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.
  • Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
    • Create a job alert for this search

    Assessment Analyst • Springfield, VA, United States

    Related jobs
    Threat Assessment Team Lead

    Threat Assessment Team Lead

    K2 Group, Inc. • Arlington, VA, US
    Full-time
    Quick Apply
    This is a contingent opportunity Threat Assessment Team Lead is responsible for the pre-assessment coordination requirements and providing installation support for the development and public...Show more
    Last updated: 30+ days ago
    Cybersecurity Vulnerability Analyst (Incident Manager III)

    Cybersecurity Vulnerability Analyst (Incident Manager III)

    Solutions³ LLC • Arlington, VA, US
    Full-time
    Quick Apply
    Cybersecurity Vulnerability Analyst (Incident Manager III ) Description : Solutions³ LLC is supporting our prime contractor and their U. Government customer to provide cybersecurity vulne...Show more
    Last updated: 30+ days ago
    Vulnerability Assessment Scans for Entity in Annapolis, MD

    Vulnerability Assessment Scans for Entity in Annapolis, MD

    MANAGEMENT APPLICATIONS, INC. • Alexandria, VA, United States
    Full-time
    Vulnerability Assessment Scans for Entity in Annapolis, MD.Managed IT Services and Network Design and Implementation is seeking IT Professionals for positions with an entity in Annapolis, MD.Please...Show more
    Last updated: 30+ days ago • Promoted
    Vulnerability Researcher : All Levels (Applicants must already hold a TS clearance or higher)

    Vulnerability Researcher : All Levels (Applicants must already hold a TS clearance or higher)

    Cipher Tech Solutions • Vienna, VA, USA
    Full-time
    Quick Apply
    The candidate will be working independently as a Vulnerability Researcher to identify flaws in software.The candidate must be familiar with the latest techniques in vulnerability research and demon...Show more
    Last updated: 30+ days ago
    CPS Investigations & Assessments Specialist (Evenings)

    CPS Investigations & Assessments Specialist (Evenings)

    Loudoun County Government • Leesburg, VA, United States
    Full-time
    Loudoun County Government has been named one of Forbes' 2025 Best Large Employers!.We're proud to be recognized nationally for our commitment to employee satisfaction and excellence in public servi...Show more
    Last updated: 30+ days ago • Promoted
    CPS Investigation & Assessment Senior Specialist

    CPS Investigation & Assessment Senior Specialist

    Loudoun County Government • Leesburg, VA, United States
    Full-time
    Loudoun County Government has been named one of Forbes' 2025 Best Large Employers!.We're proud to be recognized nationally for our commitment to employee satisfaction and excellence in public servi...Show more
    Last updated: 30+ days ago • Promoted
    Senior Embedded Vulnerability Researcher

    Senior Embedded Vulnerability Researcher

    Draper Labs • Reston, VA, United States
    Full-time
    Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA.The 2,000+ employees of Draper tackle important national challenges with a promise of delivering ...Show more
    Last updated: 30+ days ago • Promoted
    Vulnerability Researcher : Mid-Level (Applicants must already hold a TS clearance or higher)

    Vulnerability Researcher : Mid-Level (Applicants must already hold a TS clearance or higher)

    Cipher Tech Solutions • Vienna, VA, USA
    Full-time
    Quick Apply
    The candidate will be working independently as a Vulnerability Researcher to identify flaws in software.The candidate must be familiar with the latest techniques in vulnerability research and demon...Show more
    Last updated: 7 hours ago • New!
    Vulnerability Assessment (VA) Team Lead

    Vulnerability Assessment (VA) Team Lead

    TekSynap • Ashburn, VA, United States
    Full-time
    Responsibilities & Qualifications.Assist the Government in managing Enterprise Information System Vulnerability Management (ISVM) compliance validation. briefing leadership on current and future vu...Show more
    Last updated: 1 day ago • Promoted
    Vulnerability Remediation Engineer

    Vulnerability Remediation Engineer

    SkyePoint Decisions • Laurel, MD, United States
    Full-time
    Vulnerability Remediation Engineer.Cyber and Information Security.SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applicatio...Show more
    Last updated: 20 hours ago • Promoted • New!
    Technology Vulnerability Management Engineer

    Technology Vulnerability Management Engineer

    Cooley • Reston, VA, United States
    Full-time
    Technology Vulnerability Management Engineer.Cooley is seeking a Technology Vulnerability Management Engineer to join the Security team. Cooley Technology embraces a culture of customer service exce...Show more
    Last updated: 20 hours ago • Promoted • New!
    Claim Specialist - Property Field Inspection

    Claim Specialist - Property Field Inspection

    State Farm • Warrenton, VA, United States
    Full-time
    Being good neighbors - helping people, investing in our communities, and making the world a better place - is who we are at State Farm. It is at the core of how we operate and the reason for our suc...Show more
    Last updated: 19 hours ago • Promoted • New!
    Vulnerability Assessment Analyst

    Vulnerability Assessment Analyst

    CALIBRE Systems • Springfield, VA, United States
    Full-time
    CALIBRE is an employee-owned mission focused solutions and digital transformation company.We are currently seeking a Vulnerability Assessment Analyst to support work we are doing in Springfield, VA...Show more
    Last updated: 1 day ago • Promoted
    Vulnerability Analyst Lead

    Vulnerability Analyst Lead

    Edgewater Federal Solutions • Bethesda, MD, United States
    Full-time
    Edgewater Federal Solutions is seeking a Vulnerability Management Lead.The VM team's portfolio of activities includes providing vulnerability detection and remediation oversight, vulnerability rese...Show more
    Last updated: 20 hours ago • Promoted • New!
    Endpoint Vulnerability Management SME / Team Lead

    Endpoint Vulnerability Management SME / Team Lead

    MBL Technologies • Bethesda, MD, United States
    Full-time
    Federal government and commercial markets.Our solutions are tailored to support each client's mission, accounting for their unique needs and operating environments to ensure success.We bring the ri...Show more
    Last updated: 1 day ago • Promoted
    Vulnerability Remediation and Patching Support Lead

    Vulnerability Remediation and Patching Support Lead

    Link Solutions • Hyattsville, MD, United States
    Full-time
    Information Technology services to government clients in support of critical mission needs.Delivering a broad range of Infrastructure Operations, Application Development, Cybersecurity, Virtualizat...Show more
    Last updated: 1 day ago • Promoted
    Vulnerability Assessment Team Lead

    Vulnerability Assessment Team Lead

    Tyto Athene, LLC • Ashburn, VA, United States
    Full-time
    Tyto Athene is searching for a.Vulnerability Assessment Team (VAT) Analyst Lead.In this role, you will work closely with threat hunters, threat analysts, and an established SOC-playing a critical p...Show more
    Last updated: 1 day ago • Promoted
    Endpoint Vulnerability Management Subject-Matter Expert / Technical Lead

    Endpoint Vulnerability Management Subject-Matter Expert / Technical Lead

    GovCIO • Washington, DC, United States
    Full-time
    GovCIO is currently hiring for Endpoint Vulnerability Management Subject-Matter Expert / Technical Lead for our NIH Proposal. The Technical Lead will support our client's contract needs.This position ...Show more
    Last updated: 1 day ago • Promoted