Cybersecurity Vulnerability Management Analyst - ACAS Reviewer with Security Clearance

---

Job description

Title: Cybersecurity Vulnerability Management Analyst - JCIP Expert Location: Reston, VA; Washington, DC; Northern Virginia National Capital Region Clearance: TS/SCI w/CI Poly This is an on-site role. Must be willing to travel up to 30%, including local travel within the National Capital Region (NCR) of Northern Virginia, Maryland, and Washington, DC. Apavo is at the forefront of cybersecurity, providing services to military, defense, and critical infrastructure industries. Our vision of cybersecurity as a holistic, ongoing journey enables us to offer solutions that effectively mitigate risks and address vulnerabilities within any enterprise. As the cyber landscape continuously evolves, so do we, ensuring our services not only meet but exceed the ever-changing needs of our mission-critical clients. From compliance assessments and vulnerability analysis to comprehensive information system security management, Apavo's suite of services is designed to protect and serve the most sensitive and significant sectors of our society. Joining the Apavo team means becoming part of a company rooted in the principles of integrity, quality, and communication. We value positive, candid interactions and the belief that everyone has valuable contributions to make. Apavo stands out for its commitment to a work-life balance and fostering a growth mindset among all team members. If you are looking to make a meaningful impact in the cybersecurity world while growing professionally in a supportive, dynamic environment, Apavo is the place for you. Are you ready to be at the forefront of cybersecurity, safeguarding mission-critical systems for military, defense, and critical infrastructure industries? Apavo is seeking a JCIP Expert Technical Reviewer with expertise in Vulnerability Management and Scanning to join our dynamic team. At Apavo, we believe in cybersecurity as a holistic journey, and our suite of services is designed to address vulnerabilities and mitigate risks effectively. Responsibilities: As an Expert Cybersecurity Vulnerability Manager (ACAS Reviewer), you will play a pivotal role in evaluating the cybersecurity posture of enterprise environments across the Intelligence Community (IC). You will conduct comprehensive assessments using automated tools such as Tenable, Nessus, and Qualys, ensuring compliance with cybersecurity standards and regulations. Your responsibilities will include: Accountability for all project management artifacts for a select number of projects, including but not limited to project plans, scoping documents, weekly status updates, and the weekly team meeting agenda
Interacting with leadership and site technical staff before conducting inspections to facilitate scoping, and data collection to support security controls assessment input, and execution of operational inspection plans.
Responsible for interviewing organizational subject matter experts in conducting STIG, TIG, SRG, and IC policy checklists
Collect data in support of reviewing a comprehensive Threat Informed Critical Controls List (TICCL), provide written input on review of required security controls, potential vulnerability exploitation, and how MITRE ATT&CK techniques are plausibly successful based on organizational weaknesses. Ensure inputs link back to security controls
Participating in the planning, execution, and reporting of security audits and network vulnerability assessments with minimal supervision
Assisting in preparation of assessment deliverables -Security Risk Assessments input, compliance data, STIG data, etc.
Communicating on impact of vulnerabilities verbally, through presentations and written deliverables
Plan, execute, and report on information technology, privacy, and operational reviews to identify mission, privacy, security, compliance, information technology, and regulatory risks
Familiar with a variety of cybersecurity concepts, practices, and procedures. Relies on extensive experience and judgment to plan and accomplish goals The Expert Cybersecurity Vulnerability Manager (ACAS Reviewer) functions as the critical asset responsible for the collection of scan data for an inspection. Day-to-day responsibilities are to conduct ACAS reviews using the DISA ACAS Best Practice Guide (BPG) and IC CIO 2018-051 Vulnerability Management TIG checklists. This involves coordination with multiple organizations and the reviewer staff. The ACAS reviewer is responsible for the following during an inspection: Working with system administrators to verify scan policies and run scans Troubleshoot coverage challenges across multiple technologies (during a vulnerability assessment includes Windows Servers, network devices/routers/switches (across various vendors such as CISCO, Juniper, Palo Alto, and others) windows workstations, windows virtual environments, host base security (McAfee and others), and other technologies as the program matures and expands its technologies repertoire.)
Obtaining system-specific scans from site personnel including vulnerability, audit, and port scans to be utilized for sampling during an inspection
Consolidating reports on an organization's enterprise. Reports from the scanning tool should include, at a minimum, technology-specific findings, most vulnerable systems, technical summaries of vulnerabilities, plug-in names, severities, and patch status
Validating correct scanning configurations
Conducting interviews
Conducting compliance scans (using SCAP with Nessus audit files)
Completing and developing checklists
Conduct open port scans at each organization
Providing input to written reports on compliance and associated risks
Coordination with the purple team and cyber threat emulation activities
Advanced writing skills; experience in coordinating multiple viewpoints into a cohesive document
Attention to detail is an imperative skill for success
Experience with DISA STIGs and STIG Viewer tool Required Knowledge, Skills, and Abilities: Experience: 12 years of experience or the equivalent combination of education, professional training, or work experience. Candidates must possess DoD 8570 IAT III level certification. Minimum five (5) years of experience in system administration, specifically with ACAS platforms such as Tenable, Nessus, and Qualys.
Minimum ten (10) years of experience in Cyber/Information Assurance, with a strong understanding of cybersecurity disciplines and frameworks.
Strong independent work ethic, exceptional oral and written communication skills, and the ability to work unsupervised. Education: Bachelor's degree in Computer Science or a related technical discipline. Certification: Certification in DoD 8570.01-M Cybersecurity workforce, compliance with DoD Directive 8140 Cyberspace Workforce Management, and IAT Level III. Preferred Qualifications: Technical proficiency in engineering and operations of enterprise Vulnerability Scanning platforms.
Advanced skills in vulnerability assessment and reporting tools such as Tenable, Splunk, and Tableau.
Demonstrated ability to collaborate across departments to implement cybersecurity principles effectively.
Strong multitasking and time management skills with a comprehensive understanding of cyber threats and vulnerabilities. Join us at Apavo and become part of a company committed to integrity, quality, and communication. If you're ready to make a meaningful impact in the cybersecurity world while growing professionally in a supportive, dynamic environment, apply now! Apavo Corporation is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. Apavo Corporation takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.

<!– job description page –>