Cloud Vulnerability Management Analyst

Description

Duties and Responsibilities:

• Performs risk and vulnerability management tasks at the network, system, and application level in multiple cloud environments.

• Runs automated vulnerability scanning tools against all in-scope web applications and systems on the network, adhering to a pre-defined schedule.

• Prioritizes vulnerability scan findings; opens tickets for remediation and tracks them.

• Runs ad-hoc vulnerability scans on an as-needed basis.

• Reviews cyber threat intelligence from multiple external sources; shares relevant threat information with the client.

• Tracks Binding Operational Directive (BOD) Known Exploited Vulnerabilities (KEV).

• Utilizes COTS/GOTS and custom tools and processes/procedures to scan, identify, contain, mitigate, and remediate vulnerabilities and misconfigurations

• Ensure systems are compliant with DISA STIGs.

• Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access.

• Performs analyses to validate established security requirements and recommends additional security requirements and safeguards.

• Support cyber metrics development and reporting on vulnerabilities and STIG compliance.

• Effective communication, leadership, and presentation skills.

• Strong problem-solving and analytical abilities.

• A commitment to staying current with industry trends and security developments.

Required Qualifications

• Clearance Requirements: Public Trust

• Minimum Education/Experience: BS in Cybersecurity or related technical field, 5+ years relevant industry experience.

o or MS in Cybersecurity or related technical field, 3+ years relevant industry experience.

o or PhD in Cybersecurity or related technical field with 0+ years relevant industry experience.

• Required Certifications: CompTIA Security+, Certified Information Systems Security Professional (CISSP), or similar.

• Professional experience with the following Vulnerability Management tools: Tenable, Nessus, Qualys, Orca Security, Acunetix

• Experience working with AWS, Azure, OCI, and GCP environments

.

Qualifications

Desired Qualifications

Desired Education/Experience: BS in Cybersecurity or related technical field, 5+ years relevant industry experience.

or MS in Cybersecurity or related technical field, 5+ years relevant industry experience.

or PhD in Cybersecurity or related technical field, 2+ years relevant industry experience.

Desired Certifications: CISSP.

Experience with Orca Security

Target salary range: $80,001 - $120,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.

SAIC accepts applications on an ongoing basis and there is no deadline.

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.