KeenLogic is seeking to hire a Senior Vulnerability Analyst to join our team at the Drug Enforcement Administration. As a Vulnerability Analyst, you will play a crucial role in maintaining security measures to protect an organization's infrastructure and data. This role requires a deep understanding of security technologies, security best practices, and a proactive approach to identifying and mitigating security risks.
This is a full-time position offering Fortune 500-level benefits, PTO, 401k, and Life Insurance. This is a remote position, on-site as needed, based out of the Sterling, VA area.
Qualifications:
- Masters degree in Engineering, Computer Science, Information Security, or Information Systems
- 8+ Years of Related Experience
- Secret Clearance/Interim Secret
Key Responsibilities:
- Perform in-depth analysis of vulnerabilities by correlating data from various sources.
- Proactively research and monitor security-related information sources for vulnerability discovery.
- Assess impact of vulnerabilities on critical systems or data and advise on remediation.
- Maintain patch and vulnerability management practices to protect against exploitation.
- Manage tracking and remediation of vulnerabilities, obtaining action plans from stakeholders and using ticketing systems.
- Research current vulnerabilities and exploits using trusted resources.
- Document remediation tasks for application and system owners.
- Report findings and remediation recommendations to stakeholders (e.g., executive reports, trends reports).
- Assist system engineering team in configuring and deploying vulnerability scanning and network assessment tools.
- Support Incident Detection and Response team in daily operations.
- Conduct scans to identify vulnerabilities and ensure security standards compliance.
- Coordinate with external researchers and organizations during the disclosure process for responsible reporting and resolution.
- Collaborate with teams to implement and utilize automated tools for vulnerability management.
- Coordinate with teams to perform regular patching and scanning.
Experience needed:
- Extensive experience in vulnerability management, patch management, and configuration management best practices.
- Knowledge of researching vulnerabilities, exploitation techniques, and industry trends/threats.
- Familiarity with Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS).
- Experience with vulnerability and compliance scanning tools.
- Ability to interpret security advisories and understand vulnerability exploitation and impact.
- Project management experience.
- Experience with patching procedures for Linux, Windows, etc.
- Ability to self-direct project outcomes and achieve program goals with minimal supervision.