JCIP Senior Technical Reviewer - Vulnerability Management/Scanni with Security Clearance

---

Job description

Title: Senior Cybersecurity Vulnerability Management Analyst - JCIP Senior Location: Reston, VA; Washington, DC; Northern Virginia National Capital Region Clearance: TS/SCI w/CI Poly This is an on-site role. Must be willing to travel up to 30%, including local travel within the National Capital Region (NCR) of Northern Virginia, Maryland, and Washington, DC. Apavo is at the forefront of cybersecurity, providing services to military, defense, and critical infrastructure industries. Our vision of cybersecurity as a holistic, ongoing journey enables us to offer solutions that effectively mitigate risks and address vulnerabilities within any enterprise. As the cyber landscape continuously evolves, so do we, ensuring our services not only meet but exceed the ever-changing needs of our mission-critical clients. From compliance assessments and vulnerability analysis to comprehensive information system security management, Apavo's suite of services is designed to protect and serve the most sensitive and significant sectors of our society. Are you ready to be at the forefront of cybersecurity, safeguarding mission-critical systems for military, defense, and critical infrastructure industries? Apavo is seeking a Senior Cybersecurity Vulnerability Management Analyst to join our dynamic team. In this role, you will evaluate the cybersecurity posture of enterprise environments across the Intelligence Community (IC). You will conduct comprehensive assessments through detailed analysis of vulnerability scans, ensuring compliance with Intelligence Community Directives (ICD) Technical Implementation Guides (TIGs), Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and NIST 800-53 rev 5 security controls using automated tools such as Tenable, Nessus, and Qualys. Responsibilities The ACAS Senior Cybersecurity Vulnerability Manager functions as the critical asset responsible for the collection of scan data for an inspection. Day-to-day responsibilities are to conduct ACAS reviews using the DISA ACAS Best Practice Guide (BPG) and IC CIO 2018-051 Vulnerability Management TIG checklists. This involves coordination with multiple organizations and the reviewer staff. The ACAS reviewer is responsible for the following during an inspection: Working with system administrators to verify scan policies and run scans Troubleshoot coverage challenges across multiple technologies (during a vulnerability assessment includes Windows Servers, network devices/routers/switches (across various vendors such as CISCO, Juniper, Palo Alto, and others) windows workstations, windows virtual environments, host base security (McAfee and others), and other technologies as the program matures and expands its technologies repertoire.) Obtaining system-specific scans from site personnel including vulnerability, audit, and port scans to be utilized for sampling during an inspection Consolidating reports on an organization's enterprise. Reports from the scanning tool should include, at a minimum, technology-specific findings, most vulnerable systems, technical summaries of vulnerabilities, plug-in names, severities, and patch status Validating correct scanning configurations Conducting interviews Conducting compliance scans (using SCAP with Nessus audit files) Completing and developing checklists Conduct open port scans at each organization Providing input to written reports on compliance and associated risks Coordination with the purple team and cyber threat emulation activities Advanced writing skills; experience in coordinating multiple viewpoints into a cohesive document Attention to detail is an imperative skill for success Experience with DISA STIGs and STIG Viewer tool Accountable for all project management artifacts for a select number of projects, including but not limited to project plans, scoping documents, weekly status updates, and the weekly team meeting agenda Lead all relevant program and project team meetings in coordination with stakeholders Drive process improvements and technology solutions that enhance team productivity and effectiveness Review possible improvement actions to enhance team performance and ensure quality and consistency of team execution against targeted project initiatives Anticipate internal and/or external business challenges and resistance and recommend solutions Oversee the development and execution of projects from original concept through implementation and conclusion. Prepare and refine detailed work plans, schedules, project estimates, resource plans, and status reports. Knowledge, Skills and Abilities Experience: 12 years of experience or equivalent combination of education, professional training, or work experience. At least 5 years of experience in system administration with ACAS platforms such as Tenable, Nessus, and Qualys. Minimum of 8 years of experience in Cyber/Information Assurance with a comprehensive understanding of cybersecurity disciplines. Education: Bachelor's degree in Computer Science or a related technical discipline. Certifications: Certification in DoD 8570.01-M Cybersecurity workforce, compliance with DoD Directive 8140 Cyberspace Workforce Management, and IAT Level III. Skills: Strong independent work ethic (auditor mentality), exceptional oral and written communication skills, and the ability to work unsupervised. Preferred Qualifications Technical Proficiency: Experience in engineering and operations & maintenance of enterprise Vulnerability Scanning platforms (e.g., Tenable, Nessus, Qualys). Ability to analyze raw vulnerability data and develop enterprise level reports. Understanding of enterprise Nessus security center architecture. Advanced Skills: Proficiency in using advanced vulnerability assessment and reporting tools such as Tenable, Splunk, and Tableau. Interdivision Collaboration: Demonstrated ability to operate across departments to implement cybersecurity principles effectively. Multitasking and Time Management: Capable of multitasking with efficient time management and possessing a comprehensive understanding of cyber threats, vulnerabilities, and network security methodologies. Join us at Apavo and become part of a company committed to integrity, quality, and communication. If you're ready to make a meaningful impact in the cybersecurity world while growing professionally in a supportive, dynamic environment, apply now! Apavo Corporation is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. Apavo Corporation takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.

<!– job description page –>