Cyber Vulnerability Analyst

WASHINGTON, DC
Full Time
Contracts
Experienced

RESPONSIBILITY

Analyze and manage risk management issues by identifying, measuring, and making decisions on operational or enterprise risks for an organization. 

  • Conduct web application and code testing for all systems and applications, and open source dependencies, providing analysis and risk assessments for vulnerabilities discovered
  • Utilize code analysis and fuzzing tools that are furnished or approved by the Government to assess the quality and security of source code
  • Define secure coding standards and develop secure coding training for current and future developers
  • Conduct code reviews for all code changes for a given application release, providing both a detailed risk analysis of the security posture of the code and technical programming solutions (secure coding standards) to the developers to mitigate insecure code from being implemented
  • Apply the Software Assurance Forum guidance to Systems Lifecycle Process, software development, and engineering principles
  • Provide a monthly report on the overall quality of source code from a security perspective. This report shall include reports of quality by project and/or development team and shall include trend analysis to identify the number of new defects introduced per release, defects remediated in each release, and trends in the types of defects introduced and remediated
  • Provide DevOps evaluation, implementation, and operations support for USCIS static and dynamic code analysis tools (currently HPe WebInspect Enterprise, and HPe Fortify). This includes user account and access management, server management, monitoring, patching, version upgrades, and integration with continuous integration/continuous delivery pipelines
  • The contractor shall assist the government in performing market research to identify and implement new tools that provide better code analysis or support languages not currently supported by current toolsets

EXPERIENCE

10+ years cyber security experience. Strong knowledge using vulnerability assessment tools (i.e. AppDetective; Fortify; Nessus; Splunk; WebInspect) and the ability to view and analyze vulnerability reports to prepare risk assessment reports to senior leadership.

EDUCATION

Master’s Degree, IA Level III Certification (i.e. CISSP; CASP; CISA; CISM; GSLC) 

CLEARANCE

Active TS/SCI
