XOR Security is currently seeking several Vulnerability Assessment Team Lead Analysts to support an Agency-level SOC at DHS. The SOC program provides comprehensive Computer Network Defense and Response support through 24×7×365 monitoring and analysis of potential threat activity targeting the enterprise. VAT Analysts will conduct security event monitoring, advanced analytics and response activities in support of the CND operational mission. To support this vital mission, XOR staff are on the forefront of providing Advanced CND Operations and Systems Engineering support, including the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries.

To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, threat analysis, continuous monitoring and vulnerability assessment. Candidates should have strong written and verbal communication skills, research and analysis skills, and attention to detail. The ideal candidate will have a solid understanding of operating system and application vulnerabilities, with hands-on experience conducting enterprise-level vulnerability scans and network penetration testing.
- Minimum 5 years of professional experience, with professional experience leading a team in a VAT environment.
- Active Secret.
- One or more certifications for VAT Analysts: GPEN, GWAPT, GSNA, GMON, GISF, GAWN, GWEB, GXPN, CEH, GNFA, OSCP, OSEE, OSCE, OSWP, CISSP.
- Proven ability to manage and mentor a team of VAT analysts.
- Strong analytical and technical skills in conducting vulnerability assessments and troubleshooting failed scans, as well as the ability and prior experience to analyze vulnerability reports from enterprise assessment tools such as Tenable Nessus/Security Center, Tripwire 360, or NexPose Rapid7.
- Ability to assess large-scale reporting, analyze trends, and provide contextual reporting to senior management and Agency-level POCs.
- Excellent organizational skills and attention to detail in tracking and reporting compliance activity and trend analysis of enterprise vulnerabilities.
- Ability to develop follow-up action plans to resolve reportable issues and communicate with the other technologists to address security threats and vulnerabilities.
- Identify security gaps, evaluate and implement enhancements.
- Ability to stay up to date with current vulnerabilities, attacks, and countermeasures and provide a detailed analysis of enterprise risks, compensating controls, and risk mitigation plans.
- Able to collaborate on problem management and root cause analysis discussions with fellow network engineers, security engineers, and analysts.
- Experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment.
- A working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks, and of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.). A conceptual understanding of Windows Active Directory is also required.
- Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering.
- DHS Agency Clearance.
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and SECRET CLEARANCE REQUIRED.