This position is contingent upon contract award.

Candidates must have an active Secret clearance and verify before applying that you meet the minimum requirements of the position.

Vulnerability Assessment Analyst (System Security Analyst)

Location: Indianapolis IN; Bratenhal OH; or Columbus OH
Clearance Required: Secret (Tier 5 / IT-I)
Work Schedule: Full-time standard hours with flexibility for security incident support

Position Summary

The Vulnerability Assessment Analyst (VAA) plays a key role in safeguarding the DFAS DRAS-M IL-5 Cloud Tenant by proactively identifying analyzing and mitigating security vulnerabilities across enterprise systems. This position ensures that all mission-critical financial applications and infrastructure comply with Department of Defense (DoD) Risk Management Framework (RMF) requirements DFAS cybersecurity policies and industry best practices.

The VAA will conduct continuous monitoring and vulnerability scanning evaluate risk impacts and recommend corrective actions to system owners and administrators. By working closely with the Information System Security Manager (ISSM) cybersecurity engineers and application developers the VAA ensures remediation efforts are implemented effectively and documented in accordance with DoD standards. This position is vital in protecting sensitive financial data maintaining ATO (Authority to Operate) compliance and supporting DFAS financial mission readiness.

Responsibilities

• Conduct regular vulnerability scans using DoD-approved tools such as ACAS (Assured Compliance Assessment Solution) Tenable Nessus or equivalent.
• Analyze scan results identify potential security exposures and validate findings for accuracy and mission impact.
• Develop detailed reports and risk assessments providing actionable remediation recommendations to system administrators developers and program leadership.
• Track vulnerabilities through remediation lifecycle ensuring mitigation or risk acceptance occurs within DoD-mandated timelines.
• Support RMF activities by documenting vulnerabilities risks and mitigations in POA&Ms (Plans of Action and Milestones).
• Collaborate with ISSM cybersecurity engineers and cloud administrators to validate security controls and compliance requirements.
• Participate in patch management efforts by verifying successful deployment and monitoring system configurations.
• Assist with penetration testing support red team/blue team exercises and security control validation as required.
• Monitor emerging threats advisories and CVEs (Common Vulnerabilities and Exposures) to assess potential impact on DFAS IL-5 systems.
• Prepare briefings and vulnerability trend analysis for DFAS leadership and contract stakeholders.
• Contribute to knowledge base articles and process improvements to streamline vulnerability management.

Required Qualifications

• Bachelors degree in Cybersecurity Computer Science Information Technology or related field. (Equivalent work experience may be considered.)
• Minimum of 3 years experience in vulnerability management cybersecurity analysis or information assurance within DoD or other IL-5 environments.
• Hands-on experience with vulnerability scanning tools such as ACAS Tenable Nessus or Qualys.
• Strong knowledge of DoD STIGs RMF and NIST SP 800-53 security control families.
• DoD 8570 IAT Level II certification required (e.g. CCNA-Security CySA CND Security CE).
• Experience documenting and managing POA&Ms in accordance with RMF standards.
• Strong analytical and problem-solving skills with attention to detail.
• Excellent communication skills including the ability to translate technical risk findings into clear actionable language for both technical and non-technical audiences.

Preferred Qualifications

• Masters degree in Cybersecurity Information Assurance or related discipline.
• Prior DFAS DISA or other DoD financial system cybersecurity experience.
• Familiarity with SIEM tools such as Splunk ArcSight or Elastic for vulnerability log correlation.
• Experience participating in penetration testing or red team/blue team exercises.
• ITIL v4 or ISO 27001 familiarity for process integration into enterprise security operations.
• Strong background in secure DevSecOps environments with experience integrating vulnerability scanning into CI/CD pipelines.

JANUS strives to provide opportunities for career growth through training and development. We also offer an attractive comprehensive benefit package to include health and welfare plans and financial products. As part of a total rewards program employees can benefit from our referral bonus program and other various employee awards. JANUS Research Group takes pride in our benefit package and rewards program which has earned us the certification of a Great Place to Work

JANUS Research Group provides reasonable accommodation so that qualified applicants with a disability may participate in the selection process. Please advise us of any accommodations you request to express interest in a position by e-mailing: Judy Pagac Chief Human Resources Officer at or calling . Please state your request for assistance in your message. Only reasonable accommodation requests related to applying for a specific position within JANUS Research Group will be reviewed at the e-mail address and phone number supplied. Thank you for considering a career with JANUS Research Group.

JANUS Research Group participates in the Electronic Employment Verification Program. Please click the E-Verify link below for more information.

E-Verify

JANUS Research Group is an equal opportunity/ affirmative action employer. It is company policy to provide equal opportunity in all areas of employment practice without regard to race color religion sex sexual orientation national origin age marital status veteran status citizenship or disability.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a) 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on their race color religion sex or national origin. Moreover these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment qualified individuals without regard to race color religion sex national origin protected veteran status or disability.