Cyber Vulnerability Analyst

Full Time


Analyze and manage risk management issues by identifying, measuring, and making decisions on operational or enterprise risks for an organization. 

  • Conduct web application and code testing for all systems and applications, and open source dependencies, providing analysis and risk assessments for vulnerabilities discovered
  • Utilize code analysis and fuzzing tools that are furnished or approved by the Government to assess the quality and security of source code
  • Define secure coding standards and develop secure coding training for current and future developers
  • Conduct code reviews for all code changes for a given application release, providing both a detailed risk analysis of the security posture of the code and technical programming solutions (secure coding standards) to the developers to mitigate insecure code from being implemented
  • Apply the Software Assurance Forum guidance to Systems Lifecycle
  • Process, software development, and engineering principles
  • Provide a monthly report on the overall quality of source code from a security perspective. This report shall include reports of quality by project and/or development team and shall include trend analysis to identify the number of new defects introduced per release, defects remediated in each release, and trends in the types of defects introduced and remediated
  • Provide DevOps evaluation, implementation, and operations support for USCIS static and dynamic code analysis tools (currently HPe WebInspect Enterprise, and HPe Fortify). This includes user account and access management, server management, monitoring, patching, version upgrades, and integration with continuous integration/continuous delivery pipelines
  • The contractor shall assist the government in performing market research to identify and implement new tools that provide better code analysis or support languages not currently support by current toolsets


10+ years cyber security experience. Strong knowledge using vulnerability assessment tools (i.e. AppDetective; Fortify; Nessus; Splunk; WebInspect) and the ability to view and analyze vulnerability reports to prepare risk assessment reports to senior leadership.


Master’s Degree, IA Level III Certification (i.e. CISSP; CASP; CISA; CISM; GSLC) 


Active TS/SCI


Apply for this position

Apply with Indeed
We've received your resume. Click here to update it.
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

To comply with government Equal Employment Opportunity and/or Affirmative Action reporting regulations, we are requesting (but NOT requiring) that you enter this personal data. This information will not be used in connection with any employment decisions, and will be used solely as permitted by state and federal law. Your voluntary cooperation would be appreciated. Learn more.
Veteran/Disability status
Human Check*