Location: Oak Ridge TN
Job Title: Vulnerability Analyst
Career Level From: Associate
Career Level To: Senior Specialist
Job Specialty: Cyber Security
What Youll Do
The Vulnerability Analyst is responsible for analyzing key data streams and interpreting threats vulnerabilities impacts and likelihood of asset exposure. The aggregation of ingested data informs analysis with key identifiers to generate a holistic view of the enterprise and provide recommended mitigations and/or remediation of possible exploitable assets. The analyst also assists Vulnerability and Compliance Assessment Management with cyber analysis to support requested exception requests. Responsible for cybersecurity assessment/analysis and provides recommendations for Enterprise level systems and applications designs. Involved in a wide range of cybersecurity areas including system architectures firewalls inspection and analysis tools encryption components and networking architectures. Involved in security reporting and analysis to regulatory agencies.
POSITION DUTIES AND RESPONSBILBILITES
- Identify systemic security issues based on the analysis of vulnerability and configuration data.
- Share meaningful insights about the context of an organizations threat environment that improve its risk management posture.
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality integrity availability authentication and non-repudiation).
- Host/network access control mechanisms (e.g. access control list capabilities lists).
- Conduct vulnerability scans and recognizing vulnerabilities in security systems.
- Assessing the robustness of security systems and designs.
- Detecting host and network-based intrusions via intrusion detection technologies (e.g. Snort).
- Ability to mimic threat behaviors.
- Support penetration testing tools and techniques.
- Use social engineering techniques. (e.g. phishing baiting tailgating etc.).
- Support network analysis tools to identify vulnerabilities. (e.g. fuzzing nmap etc.).
- Review logs to identify evidence of past intrusions.
- Conduct application vulnerability assessments.
- Perform impact/risk assessments.
- Develop insights about the context of an organizations threat environment.
- Analyze organizations cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
- Maintain knowledge of applicable cyber defense policies regulations and compliance documents specifically related to cyber defense auditing.
What You Can Expect
- Meaningful work and unique opportunities to support missions vital to national and global security
- Top-notch dedicated colleagues
- Generous pay and benefits with a stable organization
- Career advancement and professional development programs
- Work-life balance fostered through flexible work options and wellness initiatives
Minimum Job Requirements
- Bachelors degree in engineering/science/information technology discipline.
- Masters degree in engineering/science/information technology discipline.
- Eight or more years of education and/or relevant experience may be considered to satisfy educational and years-of-experience requirements for this posting.
Preferred Job Requirements
- Knowledge of computer networking concepts and protocols and network security methodologies.
- Knowledge of laws regulations policies and ethics as they relate to cybersecurity and privacy.
- Knowledge of cybersecurity threats and vulnerabilities.
- Knowledge of risk management processes (e.g. methods for assessing and mitigating risk).
- Knowledge of cryptography and cryptographic key management concepts
- Knowledge of cybersecurity specific operational impacts of cybersecurity lapses.
- Knowledge of cybersecurity application vulnerabilities.
- Knowledge of network access identity and access management (e.g. public key infrastructure Oauth OpenID SAML SPML).
- Knowledge of how traffic flows across the network (e.g. Transmission Control Protocol TCP and Internet Protocol IP Open System Interconnection Model OSI Information Technology Infrastructure Library current version ITIL).
- Knowledge of programming language structures and logic.
- Knowledge of system and application security threats and vulnerabilities (e.g. buffer overflow mobile code cross-site scripting Procedural Language/Structured Query Language PL/SQL and injections race conditions covert channel replay return-oriented attacks malicious code).
- Knowledge of systems diagnostic tools and fault identification techniques.
- Knowledge of what constitutes a network attack and a network attacks relationship to both threats and vulnerabilities.
- Knowledge of different classes of attacks (e.g. passive active insider close-in distribution attacks).
- Knowledge of system administration network and operating system hardening techniques.
- Knowledge of cyber-attack stages (e.g. reconnaissance scanning enumeration gaining access escalation of privileges maintaining access network exploitation covering tracks).
- Knowledge of network security architecture concepts including topology protocols components and principles (e.g. application of defense-in-depth).
- Knowledge of security models (e.g. Bell-LaPadula model Biba integrity model Clark-Wilson integrity model).
- Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux IOS Android and Windows operating systems.
- Knowledge of packet-level analysis using appropriate tools (e.g. Wireshark tcpdump).
- Knowledge of network protocols such as TCP/IP Dynamic Host Configuration Domain Name System (DNS) and directory services.
- Knowledge of penetration testing principles tools and techniques.
- Knowledge of application Security Risks (e.g. Open Web Application Security Project Top 10 list)
Why Y-12
You get #morethanajob. We encourage employees to achieve a healthy personal balance among home work and the community. One of the ways we embrace work-life balance is by offering flexible work arrangements that provide alternatives to the traditional workweek while still meeting business needs. Top talent and personal commitment mean more to our success than any other factors so we reward our people with the kinds of benefits that make a positive difference in the quality of their lives. Benefits such as: medical plan prescription drug plan vision plan dental plan employer matched 401(k) savings plan disability coverage education reimbursement and many more. Want to stay healthy and fit but hate the cost of a gym membership Take advantage of one of our onsite workout facilities and eat healthy in our onsite cafeterias. Much more than a workplace at Y-12 you can build a career that lasts a lifetime.
Notes
The minimum education and experience for the lowest career level in the job posting range are listed under Minimum Job Requirements. Successful candidates hired into a higher career level than the minimum in the range must meet the requirements listed in the job leveling charts for the career level into which they are being hired.
If a range of Career Levels is posted i.e. Senior Associate to Senior Specialist internal applicants already in one of the Career Levels would come across at their current Career Level. Internal applicants currently in a lower level Career Level would move to the lowest posted Career Level.
Requires a Q clearance; however all qualified candidates will be considered regardless of their current clearance status. The ability to obtain and maintain a Department of Energy Q clearance is required.
This position may require entry into the Material Access Areas (MAA) and participation in the Human Reliability Program (10 C.F.R. Part 712) which requires successful competition of a DOE counterintelligence evaluation and may include a counterintelligence-scope polygraph examination.
This position may be categorized as a designated position identified by 10 C.F.R. Part 709 requiring successful completion of a DOE counterintelligence evaluation that may include a counterintelligence-scope polygraph examination.
CNS is a drug-free workplace. Candidates accepting a job offer will be required to pass a pre-placement physical drug screening and background investigation. As an employee you may be required to receive and maintain a security clearance from the United States Department of Energy in order to meet eligibility requirements for access to sensitive information or matter. U.S. citizenship is a requirement for security clearance applicants. All employees are subject to being randomly selected for drug testing without advance notification.
CNS is an equal opportunity employer. All qualified applicants will receive consideration for employment based on merit and without regard to race color religion sex sexual orientation national origin protected veteran status or disability.
Required Experience:
IC
Location: Oak Ridge TNJob Title: Vulnerability AnalystCareer Level From: AssociateCareer Level To: Senior SpecialistJob Specialty: Cyber SecurityWhat Youll Do The Vulnerability Analyst is responsible for analyzing key data streams and interpreting threats vulnerabilities impacts and likelihood of as...
Location: Oak Ridge TN
Job Title: Vulnerability Analyst
Career Level From: Associate
Career Level To: Senior Specialist
Job Specialty: Cyber Security
What Youll Do
The Vulnerability Analyst is responsible for analyzing key data streams and interpreting threats vulnerabilities impacts and likelihood of asset exposure. The aggregation of ingested data informs analysis with key identifiers to generate a holistic view of the enterprise and provide recommended mitigations and/or remediation of possible exploitable assets. The analyst also assists Vulnerability and Compliance Assessment Management with cyber analysis to support requested exception requests. Responsible for cybersecurity assessment/analysis and provides recommendations for Enterprise level systems and applications designs. Involved in a wide range of cybersecurity areas including system architectures firewalls inspection and analysis tools encryption components and networking architectures. Involved in security reporting and analysis to regulatory agencies.
POSITION DUTIES AND RESPONSBILBILITES
- Identify systemic security issues based on the analysis of vulnerability and configuration data.
- Share meaningful insights about the context of an organizations threat environment that improve its risk management posture.
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality integrity availability authentication and non-repudiation).
- Host/network access control mechanisms (e.g. access control list capabilities lists).
- Conduct vulnerability scans and recognizing vulnerabilities in security systems.
- Assessing the robustness of security systems and designs.
- Detecting host and network-based intrusions via intrusion detection technologies (e.g. Snort).
- Ability to mimic threat behaviors.
- Support penetration testing tools and techniques.
- Use social engineering techniques. (e.g. phishing baiting tailgating etc.).
- Support network analysis tools to identify vulnerabilities. (e.g. fuzzing nmap etc.).
- Review logs to identify evidence of past intrusions.
- Conduct application vulnerability assessments.
- Perform impact/risk assessments.
- Develop insights about the context of an organizations threat environment.
- Analyze organizations cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
- Maintain knowledge of applicable cyber defense policies regulations and compliance documents specifically related to cyber defense auditing.
What You Can Expect
- Meaningful work and unique opportunities to support missions vital to national and global security
- Top-notch dedicated colleagues
- Generous pay and benefits with a stable organization
- Career advancement and professional development programs
- Work-life balance fostered through flexible work options and wellness initiatives
Minimum Job Requirements
- Bachelors degree in engineering/science/information technology discipline.
- Masters degree in engineering/science/information technology discipline.
- Eight or more years of education and/or relevant experience may be considered to satisfy educational and years-of-experience requirements for this posting.
Preferred Job Requirements
- Knowledge of computer networking concepts and protocols and network security methodologies.
- Knowledge of laws regulations policies and ethics as they relate to cybersecurity and privacy.
- Knowledge of cybersecurity threats and vulnerabilities.
- Knowledge of risk management processes (e.g. methods for assessing and mitigating risk).
- Knowledge of cryptography and cryptographic key management concepts
- Knowledge of cybersecurity specific operational impacts of cybersecurity lapses.
- Knowledge of cybersecurity application vulnerabilities.
- Knowledge of network access identity and access management (e.g. public key infrastructure Oauth OpenID SAML SPML).
- Knowledge of how traffic flows across the network (e.g. Transmission Control Protocol TCP and Internet Protocol IP Open System Interconnection Model OSI Information Technology Infrastructure Library current version ITIL).
- Knowledge of programming language structures and logic.
- Knowledge of system and application security threats and vulnerabilities (e.g. buffer overflow mobile code cross-site scripting Procedural Language/Structured Query Language PL/SQL and injections race conditions covert channel replay return-oriented attacks malicious code).
- Knowledge of systems diagnostic tools and fault identification techniques.
- Knowledge of what constitutes a network attack and a network attacks relationship to both threats and vulnerabilities.
- Knowledge of different classes of attacks (e.g. passive active insider close-in distribution attacks).
- Knowledge of system administration network and operating system hardening techniques.
- Knowledge of cyber-attack stages (e.g. reconnaissance scanning enumeration gaining access escalation of privileges maintaining access network exploitation covering tracks).
- Knowledge of network security architecture concepts including topology protocols components and principles (e.g. application of defense-in-depth).
- Knowledge of security models (e.g. Bell-LaPadula model Biba integrity model Clark-Wilson integrity model).
- Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux IOS Android and Windows operating systems.
- Knowledge of packet-level analysis using appropriate tools (e.g. Wireshark tcpdump).
- Knowledge of network protocols such as TCP/IP Dynamic Host Configuration Domain Name System (DNS) and directory services.
- Knowledge of penetration testing principles tools and techniques.
- Knowledge of application Security Risks (e.g. Open Web Application Security Project Top 10 list)
Why Y-12
You get #morethanajob. We encourage employees to achieve a healthy personal balance among home work and the community. One of the ways we embrace work-life balance is by offering flexible work arrangements that provide alternatives to the traditional workweek while still meeting business needs. Top talent and personal commitment mean more to our success than any other factors so we reward our people with the kinds of benefits that make a positive difference in the quality of their lives. Benefits such as: medical plan prescription drug plan vision plan dental plan employer matched 401(k) savings plan disability coverage education reimbursement and many more. Want to stay healthy and fit but hate the cost of a gym membership Take advantage of one of our onsite workout facilities and eat healthy in our onsite cafeterias. Much more than a workplace at Y-12 you can build a career that lasts a lifetime.
Notes
The minimum education and experience for the lowest career level in the job posting range are listed under Minimum Job Requirements. Successful candidates hired into a higher career level than the minimum in the range must meet the requirements listed in the job leveling charts for the career level into which they are being hired.
If a range of Career Levels is posted i.e. Senior Associate to Senior Specialist internal applicants already in one of the Career Levels would come across at their current Career Level. Internal applicants currently in a lower level Career Level would move to the lowest posted Career Level.
Requires a Q clearance; however all qualified candidates will be considered regardless of their current clearance status. The ability to obtain and maintain a Department of Energy Q clearance is required.
This position may require entry into the Material Access Areas (MAA) and participation in the Human Reliability Program (10 C.F.R. Part 712) which requires successful competition of a DOE counterintelligence evaluation and may include a counterintelligence-scope polygraph examination.
This position may be categorized as a designated position identified by 10 C.F.R. Part 709 requiring successful completion of a DOE counterintelligence evaluation that may include a counterintelligence-scope polygraph examination.
CNS is a drug-free workplace. Candidates accepting a job offer will be required to pass a pre-placement physical drug screening and background investigation. As an employee you may be required to receive and maintain a security clearance from the United States Department of Energy in order to meet eligibility requirements for access to sensitive information or matter. U.S. citizenship is a requirement for security clearance applicants. All employees are subject to being randomly selected for drug testing without advance notification.
CNS is an equal opportunity employer. All qualified applicants will receive consideration for employment based on merit and without regard to race color religion sex sexual orientation national origin protected veteran status or disability.
Required Experience:
IC
View more
View less
Job Location:
Monthly Salary:
Not Disclosed
Posted on:
4 days ago
Vacancies:
1 Vacancy
