ShorePoint
ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data.
We are seeking a Vulnerability Management Analyst to conduct technical security assessments, perform enterprise vulnerability scanning and reporting functions, and conduct enterprise vulnerability system scanning.
This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.
Roles and Responsibilities
Develops risk-based mitigation strategies for networks, operating systems, and applications
Compiles and tracks vulnerabilities and mitigation results to quantify program effectiveness
Review and define requirements for information security solutions
Document security breaches and the extent of the damage caused by the breaches through extensive reports.
Organize network-based scans to identify possible network security attacks and host-based scans to identify vulnerabilities in workstations, servers, and other network hosts.
Creates and maintains vulnerability management policies, procedures, and training
Ability to deliver high quality products using Microsoft PowerPoint, Excel, and Word
Strong written and verbal communication skills
Required Skills
Must be able to perform Vulnerability and Compliance assessments on all devices identified during enterprise network scans, including: Operating systems, Oracle and MySQL Databases, and Web applications
Comfortable using enterprise-class network scanning tools (Tenable Nessus, Tenable Security Center), database scanning tools (AppDetective and DbProtect) and Web scanning tools (Web Inspect), and knowledgeable about the security best practices and most common vulnerabilities that exist for each of these technologies, including SANS and OWASP Top 1
Experience performing enterprise-level assessment scanning of Networks, databases, and Web Applications
Comfortable configuring and performing host, port and service discovery on large enterprise networks, and identifying target operating systems and applications/services based on discovery scan results
Experience with open source and commercial testing tools; a non-comprehensive list includes Nessus, NMAP, App Detective, Hailstorm, Guardium, and Web Inspect
Comfortable using, configuring, troubleshooting, and administering Tenable Security Center, Tenable Nessus (standalone), AppDetective, and Web Inspect
Solid understanding of the security policies used by intelligence organizations, as well as security guidelines published by the National Institute of Standards (e.g., 800-53 and 800-53a)
Providing recurring and ad-hoc reporting for executive management on multiple CVEs
Implementing more automated communications, tracking, and reporting solutions for the enterprise data call process
Certification Requirement
Preferred certifications: Certified Information Systems Auditor (CISA), GIAC
Location
Washington, D.C.
Security Clearance
Top Secret with SCI eligibility and ability to pass a Counter-Intelligence (CI) polygraph
Job Type: Full-time
Pay: $68,077.71 – $151,846.18 per year
Work Location: Multiple Locations