Cybersecurity Analyst; Vulnerability Management & Continuous Monitoring
Job in Oakton, Fairfax County, Virginia, 22124, USA
Listed on 2026-05-15
Listing for: Chenega MIOS SBU
Full Time position
Job specializations:
- IT/Tech: Cybersecurity, Information Security
Job Description & How to Apply Below
Cybersecurity Analyst (Vulnerability Management & Continuous Monitoring)
Location: Oakton, VA
Chenega Military, Intelligence & Operations Support (MIOS) is seeking a Cybersecurity Analyst to support Department of Defense (DoD) cybersecurity operations by executing vulnerability management, security compliance, and Continuous Monitoring (Con Mon) activities in accordance with the Risk Management Framework (RMF). The role is responsible for identifying, assessing, prioritizing, and tracking vulnerabilities using enterprise tools, ensuring compliance with Security Technical Implementation Guides (STIGs), and responding to Information Assurance Vulnerability Alerts (IAVAs).
Responsibilities
Vulnerability Management
- Perform vulnerability scanning using ACAS (e.g., Tenable.sc / Nessus).
- Enforce ACAS best practice guide requirements.
- Analyze scan results to identify vulnerabilities, misconfigurations, and compliance gaps.
- Validate findings against the latest DISA STIGs and applicable security baselines.
- Review checklists and work with system admins to identify gaps for POA&M creation.
- Assess and track vulnerabilities in accordance with DoD timelines and risk severity.
- Correlate vulnerabilities with IAVA/IAVM notices and ensure timely remediation or mitigation.
- Develop and maintain Plan of Action and Milestones (POA&M) documentation.
- Maintain RA POA&M items within SOR and coordinate with system administrators to validate RA requirements.
STIG Compliance & Hardening
- Apply and validate STIGs across operating systems, applications, and network devices.
- Conduct manual and automated STIG compliance checks using ACAS Audit checks, STIG Viewer, SCAP Compliance Checker (SCC), and Evaluate‑STIG.
- Document compliance status and provide remediation guidance to system administrators.
- Support system hardening efforts aligned with DoD baseline configurations.
- Ensure that golden images are maintained for Servers (RHEL and Windows) and Workstations following STIG guidance.
IAVA/IAVM Management
- Monitor and assess IAVA and IAVB alerts and bulletins.
- Determine system applicability and operational impact.
- Coordinate remediation actions and track compliance deadlines.
- Maintain IAVA compliance reporting and documentation for audits.
Continuous Monitoring (Con Mon)
- Execute Con Mon activities in accordance with RMF Step 6.
- Monitor security controls for effectiveness and ongoing compliance.
- Conduct control assessments and assist with periodic security reviews.
- Support automated and manual data collection for Con Mon dashboards and reporting.
- Identify trends, recurring issues, and systemic risks across systems.
RMF & Compliance Support
- Support RMF activities across all six steps, with emphasis on control implementation validation, security control assessment support, and ongoing authorization (ATO sustainment).
- Update and maintain RMF artifacts, including System Security Plan (SSP), Security Assessment Report (SAR), POA&M, and Security Assessment Plan (SAP).
- Map vulnerabilities and findings to NIST SP 800‑53 controls.
Reporting & Documentation
- Generate vulnerability and compliance reports for leadership and Authorizing Officials (AOs).
- Provide risk‑based recommendations and remediation strategies.
- Maintain audit‑ready documentation in accordance with DoD and agency requirements.
- Other duties as assigned.
- High school diploma or GED equivalent.
- 5+ years of experience in DoD cybersecurity or RMF‑based environments.
- Hands‑on experience with ACAS (Nessus / Tenable.sc), STIG implementation and validation, IAVA/IAVM processes, vulnerability assessment, risk analysis, and remediation tracking.
- DoD 8570/8140 compliance: Must meet IAT Level II requirements (e.g., Security+).
- Active DoD Top Secret clearance with SCI eligibility.
- Strong understanding of DoD RMF (DoDI 8510.01) and NIST SP 800‑53 security controls.
- Ability to manage multiple systems and priorities in a regulated environment.
- Strong analytical and problem‑solving skills.
- Attention to detail and compliance rigor.
- Ability to translate technical risk into mission impact.
- Effective communication with technical and non‑technical stakeholders.
- Relevant certifications:
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH) or equivalent
- DISA ACAS Training Certificate
- Experience with ACAS, SCAP Compliance Checker (SCC) / Evaluate‑STIG, STIG Viewer, eMASS, Xacta, Trellix, MDE, Splunk, Elastic.
- Familiarity with scripting (PowerShell, Python) for automation.
- Experience in enterprise‑level Con Mon programs or NOSC/SOC environments.
- Competitive pay and benefits package.
- Professional development opportunities.
- Health, dental, vision, retirement plans, and paid time off (details available upon request).