Mt. Weather, VA or Washington, DC

IV&V Scanning SME

Job Specs

Cyber Defense

Job Description:

XOR Security is currently seeking an IV&V Scanning SME. The ideal candidate will conduct enterprise and application level security assessment. To support this vital mission, XOR staff are on the forefront of providing Advanced CND Operations, and Systems Engineering support to include the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations, threat analysis, continuous monitoring and vulnerability assessment.  Strong written and verbal communications skills, researching and analysis skills, and attention to detail. The ideal candidate will have a solid understanding of operating system and application vulnerabilities, with hands-on experience conducting enterprise-level vulnerability scans and network penetration testing.

Required Qualifications:

  • Minimum 3 years of professional experience conducting vulnerability assessment
  • Strong analytical and technical skills in conducting vulnerability assessments, conduct troubleshooting of failed scans, as well as abilities and prior experience with analyzing vulnerability reports from enterprise assessment tools such as 
  • Ability to assess large-scale reporting, analyze trends, and provide contextual reporting to senior management and system owners.
  • Excellent organizational and attention to detail in tracking and reporting compliance activity and trend analysis of enterprise vulnerabilities.
  • Ability to develop follow-up action plans to resolve reportable issues and communicate with the other technologists to address security threats and vulnerabilities
  • Identify security gaps, evaluate and implement enhancements.
  • Ability to stay up to date with current vulnerabilities, attacks, and countermeasures and provide a detailed analysis of enterprise risks, compensating controls, and risk mitigation plans
  • Able to collaborate on problem management and root cause analysis discussions with fellow network engineers, security engineers, and analysts
  • Experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment
  • A working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).

Desired Qualifications:

  • 5 years of experience in Independent Verification and Validation
  • 7 years of professional experience in a Computer Science discipline
  • Hands-on experience with Tenable Nessus, WebInspect, Fortify, AppDetective, and other vulnerability management tools considered a must-have
  • Experience with System Security Packages, Authority to Operate, and FISMA requirements considered a must-have

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement - Applicants selected must meet background investigation eligibility requirements - US CITIZENSHIP AND ACTIVE SECRET CLEARANCE WITH SCI ELIGIBILITY REQUIRED.