Senior Vulnerability Assessment Analyst

General information

Description & Requirements

ManTech seeks a motivated, career and customer-oriented Senior Vulnerability Assessment Analyst to join our team in the DC, Maryland, and Virginia (DMV) area.

In this role you will contribute to technical vulnerability assessments of applications and infrastructure, vulnerability research, and generation of assessment reports. The individual contributes to the selection of appropriate technical tests, network or vulnerability scan tools, and/or pen testing tools based on review of requirements and purpose; lists all steps involved for executing selected test(s) and coaches others in the use of advanced research, development, or scan tools and the analysis of comparative findings between proposed and current technologies. You will coordinate or lead teams to conducts ethical tests, network scans, and/or vulnerability scans that support the evaluation of information safeguard effectiveness, conducting reconnaissance, target assessment, target selection, and vulnerability research. Using COTS tools you will conduct or lead teams to conduct vulnerability assessments, analyzes results, identifies exploitable vulnerabilities, and verifies vulnerabilities through manual assessment

Responsibilities include, but are not limited to:

• Lead and conduct complex vulnerability assessments, including data analysis, and reporting; write assessment reports, investigate computer attacks, and extract data from electronic systems; Draft and brief contract and government leadership as needed
• Prepares and reviews documents, validates and communicates key findings to stakeholders.
• Utilize the MITRE ATT&CK framework and other techniques to identify, assess, and address cyber threats and vulnerabilities; conduct technical analysis against target systems and networks, identify vulnerabilities, and support the development of new exploitation techniques
• Apply the MITRE D3FEND framework to develop and implement defensive measures against cyber threats; collaborate with other cybersecurity professionals, law enforcement agencies, and intelligence organizations to share information and coordinate response efforts.
• Analyze cyber activities to identify entities of interest, determine malicious behavior, and recognize patterns and linkages; conduct dynamic malware analysis and performing memory and dead-box forensics.
• Investigate computer and information security incidents to determine the extent of compromise to information and automated information systems.
• Perform long-term and time-sensitive in-depth technical analysis of malicious code (malware), developing defensive countermeasures, and producing reports for dissemination.

Minimum Qualifications:

• Bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field
• 9+ years experience
• 8570 compliant certifications in IAT Level III, and one of the following relevant certifications- GIAC Certified Forensic Analyst (GCFA), Certified Information Systems Security Professional (CISSP), or Certified Cyber Forensics Professional (CCFP).
• Knowledge and experience with Threat Intel Frameworks (e.g. Cyber Kill Chain, MITRE ATT&CK, Diamond Model)
• Demonstrated experience using EnCase, FTK, and Open-Source methods and tools to perform Computer Forensic investigations
• Experience with Splunk, CrowdStrike Falcon, Security Onion, EnCase, Axiom, FTK, Volatility, Suricata,
• Experience with network topologies and network security devices (e.g. Firewall, IDS/IPS, Proxy, DNS, WAF, etc).

Clearance Requirements:

• Must be a US Citizen and be able to obtain and maintain a Secret clearance.
• The ability to obtain and maintain a DHS EOD suitability is required prior to starting this position.

Physical Requirements:

• Must be able to remain in a stationary position 50%
• Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer
• The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc.