Why Work at SI?
Secure Innovations (SI)
successfully and continuously strives to become experts in the Cybersecurity field by only focusing on Cyber! Because of this, we proudly stand behind our motto, "We're Not Standard Cyber. We're the Cyber Standard."
SI was built on the principle that people matter first and foremost. SI believes in providing a strong work/life balance by investing in our employees and encouraging professional and personal growth. We do this by offering exceptional benefits, flexible schedules, and the tools necessary to achieve success through paid training, mentoring, and the opportunity to work alongside top-notch security professionals.
Secure Innovations was recently awarded as a PRIME
on this mission-focused cyber program!
The Cybersecurity / Vulnerability Analyst
performs ongoing, comprehensive vulnerability assessments of network cybersecurity risks to enable risk management and mitigation activities. Monitors the adequacy of cybersecurity measures for information systems and reports vulnerability findings to CSSP Watch leadership. Utilizes vulnerability data sources such as network discovery, network and host vulnerability scanning, penetration testing, operational exercise data, and compliance inspection reports. Assesses asset conformity to specified security requirements. Identifies security vulnerabilities and exposures.
The Cybersecurity / Vulnerability Analyst shall possess the following capabilities:
- Knowledge of Common Vulnerabilities and Exposures (CVEs), cyber threats, and vulnerability mitigation strategies.
- Conduct research and analysis to stay up to date with current vulnerabilities, provide detailed risk analysis and potential impact.
- Utilize multiple data sources to determine a vulnerability’s security impact on the enterprise.
- Analyze, assess, compile, and prioritize vulnerabilities to document and communicate mitigation recommendations.
- Communicate written and verbal information in a timely, clear, and concise manner.
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Understand network security architecture concepts such as topology and protocols.
- Understand what constitutes network risk, cyberattacks, and the relationship between threats and vulnerabilities.
- Analyze vulnerability scans.
- Recognize security implications of vulnerabilities and assess within the context of the risk management process.
- Utilize analysis tools, such as Verodin, Nessus, or RedSeal, to identify vulnerabilities.
- Write comprehensive risk assessments on vulnerability impacts.
- Utilize automated and manual testing methods to validate the vulnerability testing methods; discover inadequate security practices.
- Identify secondary effects of vulnerabilities and exposures, as well as the impact of the mitigations applied to them.
- Perform after-action reviews of team products to ensure completion of analysis.
- Lead and mentor team members as a technical expert.
- An Active Clearance w/ FS Poly is REQUIRED
- Four (4) years of demonstrated experience as a VAA in programs and contracts of similar scope, type, and complexity is required.
- One (1) year of demonstrated experience in technical reporting.
- One (1) year of demonstrated experience in network and threat analysis.
- A technical bachelor’s degree from an accredited college or university may be substituted for two (2) years of VAA experience on projects of similar scope, type, and complexity.
- Requires DoD 8570 compliance with Information Assurance Technical (IAT) Level I or Level II certification (A+, Network+, CCNA-Security, CND, SSCP, Security+, CySA+, GSEC, etc)
- Requires successful completion of the Splunk software training course "Fundamentals 1" (This is FREE and can be completed online!)