Vulnerability Management Analyst Secret Security Clearance Required

Shift: Standard; MondayFriday; Onsite

Pay: Commensurate with experience

This role will provide support to increase the Cybersecurity Centers ability to manage the cybersecurity risk to systems assets data and agency capabilities through active identification of system/application weaknesses that require remediation and/or mitigation enabling DoD to focus and prioritize its risk and vulnerability management efforts in alignment with the needs of the Agency. Work shall be performed in accordance with Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01 NIST SP 80040 DoDI 8530.01 CJCSM 6510.02 TASKORD 20020 FRAGO 21 to OPORD 0501CJCSI 6510.01F CJCSM 6510.02 TASKORDER 130670; and any future released directives/mandates.

Responsibilities Include:

• Ensure routine action is taken to identify and correct vulnerabilities according to the following phases. Vulnerabilities include Information Assurance Vulnerability Management (IAVM) as well as vulnerabilities not addressed through IAVM directives but affect DoD owned and managed information systems (ISs) and devices:

1. Identify

2. Analysis

3. Report

4. Remediation/Mitigation

5. Verification

6. Post Analysis / Process Improvement

• Provide metrics tracking the following with regards to performance and mission success: mean time to patch; POA&M and Risk Acceptance staffing; and noncompliance trending.
• Support the risk assessment process Information Security Continuous Monitoring (ISCM) program and Agency overall risk management strategy by providing vulnerability scan information to the Risk Management Group or relevant entity in support of assessing and authorizing the environments;
• Conduct testing of IS software patches updates upgrades and hardware device configurations. Provide information system baseline scan reports.
• Provide enterprise discovery and compliance Vulnerability Scan report.
• Conduct vulnerability scans requests (i.e. SR IR) and provide analysis results.
• Create and maintain consistent repeatable quality driven measurable and comprehensive Vulnerability Management procedures. Establish common standards for directive reporting and compliance as it relates to vulnerability management.
• Host vulnerability remediation/mitigation meetings to review remediation actions with stakeholders; providing SME level guidance on scanning signatures and detection capabilities; Validate and monitor corrective actions/remediation of vulnerabilities on information systems.
• Participate in Cyber Situational Awareness Brief (SAB) and provide: health status of required scans and scanning tools across all environments to include scanning completed by other entities such as DISA; and latest vulnerability status.
• Collaborate with DoD and/or NonDoD organizations to actively share vulnerability information in order to shape cyber mission space for vulnerability mitigation.

• Active Secret Security Clearance.
• At least 5 years of related experience.
• Experience working in a SOC environment.
• Experience conducting vulnerability scans.
• Experience working in a DoD environment.
• Knowledge of cyber chain.
• Ability to maintain DoD 8140 / 8570 IAT II certification and CSSP Analyst certifications

Certification Requirements

DoD IAT II required certification/s (one of the following):

• CCNASecurity
• CySA (CSA)
• GICSP
• GSEC
• Security CE
• CND
• SSCP

DoD CSSP Auditor required certification/s (one of the following):

• CEH
• CySA **
• CISA
• GSNA
• CFR
• PenTest

Equal Employment Opportunity (EEO) Statement

Ryan Consulting Group Inc. is an equal opportunity employer. We are dedicated to ensuring equal employment opportunities in all aspects of employment including recruitment hiring promotion training compensation benefits and termination. All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin disability veteran status or any other characteristic protected by applicable law.

Ryan Consulting Group Inc. is also committed to complying with the Americans with Disabilities Act (ADA) and providing reasonable accommodations for qualified individuals with disabilities. If you need assistance or accommodation due to a disability in the application process please contact

DrugFree Workplace Statement

Ryan Consulting Group Inc. is committed to maintaining a drugfree workplace in compliance with the DrugFree Workplace Act of 1988 which is a requirement for all federal contractors. We recognize the impact that drug and alcohol abuse can have on the safety health and productivity of our workforce and we are dedicated to providing a work environment that is free from illegal and alcohol. All employment offers are conditional upon successfully passing a drug screening.

Pay Transparency Statement

Ryan Consulting Group Inc. complies with all relevant pay transparency laws in each state and jurisdiction where we operate. This includes providing salary ranges and pay data in compliance with state or local regulations where applicable.

We also ensure that applicants and employees in relevant states are informed of their right to inquire about pay information as required by state or local laws. Employees and applicants in states where pay transparency laws are in effect can expect to be provided with salary information upon request during the hiring process.