Vulnerability Infrastructure Assessment Analyst
ICF is seeking an experienced Vulnerability Infrastructure Assessment Analyst to provide and support activities associated with vulnerability scanning (VS), vulnerability scanning infrastructure support, vulnerability analysis, scan analysis and troubleshooting in support of the DoD scanning requirements. The contractor shall be responsible for routine VS using the Assured Compliance Assessment Solution (ACAS), analyzing VS activities, and maintaining associated and managed enterprise ACAS infrastructures.
Duties & Responsibilities:
Managing and sustaining ACAS application and platform objects (Repositories, Asset Lists, Users, Groups, Scan Zones, Security Centers, Nessus/PVS Scanners)
Analyzing VS and vulnerability compliance
Assisting ACAS users with credentialed scan issues
Performing routine and ad-hoc scans using the ACAS solution
Analyzing VS results and subsequent reporting using the ACAS solution
Maintaining existing SOP documentation and drafting new SOPs and other documentation as necessary (Technical/Analysis Reports, General, CDRL A001)
VS are conducted in accordance with (IAW) USCYBERCOM guidance (e.g., frequency, method, capability)
Identification of open and unauthorized Transmission Control Protocol/User Datagram Protocol (TCP/UDP) ports IAW DoDI 8551.1 and based on the Category Assurance List (CAL)
Identification of vulnerable software and misconfigured services on a network
Identification of specific operating system and application misconfigurations and vulnerabilities
Ensuring subscriber access to VS results
Verification of vulnerability remediation
Identification of potential negative operational impacts due to VS tool usage with mitigation recommendations
Employing cyber threat reporting to make recommendations on the relative importance of executing mitigations for different open vulnerabilities
Scan data is shared and/or made available as required
Monitoring corrective actions or mitigation strategies
Collection and analysis of vulnerability scan activity lessons learned for potential process improvement (Technical/Analysis Reports, General, CDRL A001)
Incorporation of applicable lessons learned into current policies and procedures
Collaborating with DoD and/or Non-DoD organizations to improve vulnerability identification
Coordinate with Incident Response and Infrastructure Support staff to meet CSSP requirements
- 5+ years relevant IT experience.
- Bachelor's degree or equivalent experience
- Security clearance required - DOD preferred
- An advanced understanding of current threats and trends present in the Information Security and Technology field
- Advanced knowledge of network and systems technologies and security protocols
- Strong initiative and a personal interest in Information Technology Security
- People skills and the ability to communicate effectively with various clients with the ability to explain and elaborate on technical details
- Excellent written and verbal communication skills.
- Excellent analytical and problem-solving skills.
Working at ICF
Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth. If you’re seeking to make a difference in the world, visit www.icf.com/careers to find your next career. ICF—together for tomorrow.
ICF is an equal opportunity employer that values diversity at all levels. (EOE – Minorities/Females/ Protected Veterans Status/Disability Status/Sexual Orientation/Gender Identity). For more information, please read our EEO & AA policy.
Reasonable Accommodations are available for disabled veterans and applicants with disabilities in all phases of the application and employment process. To request an accommodation please email email@example.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Read more about non-discrimination: EEO is the law and Pay Transparency Statement.
DC Client Office (DC88)