View Job

Overview:  Seeking Entry Level Cybersecurity Specialist to work at Joint Base Andrews (JBA) performing Vulnerability Management Remediation duties. Primary focus will be the remediation of the remaining 5% vulnerabilities that don’t get remediated via automated mechanisms.

Roles and Responsibilities:

•        Remediating the “remaining” 5% of open vulnerabilities that are not patched by the automated patching solution using various strategies such as scripting, manual patching, submitting tickets, quarantining, etc.
•        Reviewing and validating DISA STIG checklists submitted by the System Owners to ensure that all checks are properly configured per the STIG and all checklists are updated properly.
•        Individual is responsible for analyzing newly issued unanalyzed vulnerabilities, determine risk to DoD Information systems of vulnerability based upon knowledge and experience with Information Systems.
•        Determine risk and security posture of DOD Information Systems based upon analysis of Combatant Command, Service Cyber Components, Agencies, and Field Activity reported patch compliance and compliance reporting.
•        Leveraging a specialized understanding of vendor products and fixing actions to develop mitigation orders for the identified vulnerabilities.
•        Compiling daily, weekly, and annual vulnerability metrics associated with affected and non-affected DoD products.
•        Follow-up with owners to ensure remediation efforts are consistent with policy and escalate instances of noncompliance.
•        Prepares formal reports and presentations of findings and recommendations
•        Present vulnerability reports to cross-functional stakeholders, to include Cybersecurity leadership.
•        Analysis on the End of Life software on end user machines to remove or upgrade the software.
•        Utilizing tracking tools to upload information for DoD component consumption and vulnerability compliance tracking.
•        Creating situational awareness products to provide DoD components with detailed information related to vulnerabilities and appropriate mitigation strategies.
•        Providing notification of potential threats by tracking vulnerabilities and exploits, propagation of worms and viruses as they migrate throughout DoD and globally.
•        Developing, documenting, and conveying IAVM operational requirements to enhance capabilities to identify, track, and remediate system and network vulnerabilities as well as for a real-time patch management capability.
•        Managing/generating reports, reviewing/approving Plans of Actions and Milestones (POA&M), Operational Impact Statements and Information Assurance Vulnerability Alert (IAVA) compliance.
• Shift Hours:  Day-Shift; core support hours are 0600 -1800.

Basic Qualifications

•        Entry Level- High School Degree with 0-5 years’ experience / Substitution of years of experience for degree: 4 years of Experience for a Bachelor’s Degree
•        Possess a current DoD 8570 compliant certification for IAT Level II, e.g. Security + w/CE prior to start.
•        Must hold active DoD Secret clearance or higher.
•        Hands-on experience conducting vulnerability assessment and analysis utilizing SCAP, ACAS/NESSUS and DISA STIGs
•        Experience with Scripting/Automation using PowerShell and shell script languages
•        Ability to use, troubleshoot, and fix existing PowerShell and shell scripts
•        Technical experience discovering, validating, and remediating network vulnerabilities.
•        Experience interpreting security advisories. Ability to leverage diverse sources to gain a technical understanding of a vulnerability, exploitation, and potential impact.
•        Experience troubleshooting Microsoft Endpoint Configuration Manager (MECM)
•        Experience with interacting with customers to handle service inquiries and problems
•        Experience with server patch management methodologies
•        Time management skills
•        Strong oral and written communications skills
•        Track record of working effectively within a team, and support to peers toward improved processes and results

Experience with IT Service Management systems such as Rem