CyberSecurity - Vulnerability Assessment Analyst II
Listed on 2026-06-08
IT/Tech
Cybersecurity
Requisition #: 1642
Job Title: Cyber Security - Vulnerability Assessment Analyst II
Location: Huntsville, AL
Clearance Level: Secret, Must Have Clearance to Start
Required Certification(s): IAT2
Job Description
The Vulnerability Assessment Analyst II is responsible for identifying, analyzing, and reporting on cybersecurity vulnerabilities across Department of the Army and DoD enterprise networks. This mission‑critical role involves utilizing DoD‑approved scanning tools to evaluate network enclaves, hardware, and software, ensuring compliance with strict security configurations and assisting engineering teams with remediation strategies to defend against cyber threats.
Duties and Responsibilities
- Vulnerability Scanning: Execute routine and ad‑hoc vulnerability, compliance, and discovery scans using DoD‑mandated tools such as the Assured Compliance Assessment Solution (ACAS) / Tenable Nessus and SCAP Compliance Checker.
- Analyze scan results to identify false positives, evaluate risk levels, and generate actionable vulnerability reports, dashboards, and Contract Data Requirements List (CDRL) deliverables for Army leadership.
- Collaborate directly with Systems Administrators, Network Engineers, and Information System Security Officers (ISSOs) to provide technical guidance on patching, remediation, and mitigation strategies.
- Track and enforce compliance with Information Assurance Vulnerability Alerts (IAVAs), Security Technical Implementation Guides (STIGs), and Army Cyber Command (ARCYBER) directives.
- Assist in the configuration, troubleshooting, and maintenance of the vulnerability scanning infrastructure (e.g., Security Center, Nessus scanners) within an Impact Level 5 (IL5) or secure enclave environment.
- Performs assessments of systems and networks within the NE or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.
- Measures effectiveness of defense‑in‑depth architecture against known vulnerabilities.
- Basic understanding and ability to identify vulnerabilities and risk levels. Must be able to assist Level 1 analysts.
- Typically has a bachelor's degree and 2–3 years of experience, or equivalent relevant work experience; e.g., each year of work experience may be substituted for each year of education required.
- Bachelor’s Degree in Cybersecurity, Computer Science, Information Technology, or a related technical field.
- DoD Directive Compliance: Must meet DoD 8140/8570.01–M requirements for Information Assurance Technical (IAT) Level II (e.g., CompTIA Security+ CE, CySA+, or equivalent).
- Experience: 2–3 years of professional experience in cybersecurity, with at least 1 year actively performing vulnerability assessments in a DoD or Army IT environment.
- Technical Proficiency: Hands‑on experience operating ACAS (Tenable.sc/Nessus) and applying DISA STIGs using the SCAP toolset.
- RMF & POA&M Management: Demonstrated ability to generate, validate, and assess Plans of Action and Milestones (POA&Ms) for IT systems. Must support all aspects of the Risk Management Framework (RMF), leveraging eMASS and other Customer‑utilized systems to ensure Cyber vulnerability controls are successfully maintained and sustained.
- Technical Oversight: Ability to provide technical oversight and risk mitigation recommendations, clearly conveying industry best‑practice remediations to the Customer verbally and in formal written formats.
- Continuous Monitoring: Deep understanding and working familiarity with Continuous Monitoring (CONMON) practices, policies, and execution is required.
- Advanced Certifications: Certified Ethical Hacker (CEH), CompTIA Advanced Security Practitioner (CASP+), or ACAS‑specific training certificates.
- Army Specific Systems: Familiarity with Army‑specific cyber regulations (e.g., AR 25‑2).
- Automation & Scripting: Experience using PowerShell, Python, or Bash to automate vulnerability data parsing or compliance checking.
- Process Optimization: Demonstrated ability to evaluate and recommend automation capabilities for processes in order to formalize and standardize validation and reporting, as well as design innovative approaches to displaying data analytics for an in‑depth understanding of potential issues related to the Customer’s Systems.
- Project & Team Dynamics: Experience with Agile project management methodologies, DoD Records Management tenets, and the ability to innovate in a highly fluid, fast‑paced environment.
Onsite 5 days per week during Core Business hours. Working directly with the Customer and other Contractors to ensure exceptional service delivery.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities