Cybersecurity Analyst; Vulnerability Management & Continuous Monitoring Job Oakton area,Virginia USA,IT/Tech

Position: Cybersecurity Analyst (Vulnerability Management & Continuous Monitoring)

Req : 40432

Summary

Cybersecurity Analyst (Vulnerability Management & Continuous Monitoring)

Oakton, VA

Are you ready to enhance your skills and build your career in a rapidly evolving business climate? Are you looking for a career where professional development is embedded in your employer's core culture? If so, Chenega Military, Intelligence & Operations Support (MIOS) could be the place for you! Join our team of professionals who support large-scale government operations by leveraging cutting‑edge technology and take your career to the next level!

Securi Gence delivers essential technology services supporting critical national security missions. We are seeking a Cybersecurity Analyst (Vulnerability Management & Continuous Monitoring) to support Department of Defense (DoD) cybersecurity operations by executing vulnerability management, security compliance, and Continuous Monitoring (Con Mon) activities in accordance with the Risk Management Framework (RMF). This role is responsible for identifying, assessing, prioritizing, and tracking vulnerabilities using enterprise tools, ensuring compliance with Security Technical Implementation Guides (STIGs), and responding to Information Assurance Vulnerability Alerts (IAVAs).

Responsibilities

Vulnerability Management
Perform vulnerability scanning using Assured Compliance Assessment Solution (ACAS) (e.g., Tenable.sc / Nessus).
Enforcing the ACAS best practice guide requirements when performing vulnerability scans in ACAS
Analyze scan results to identify vulnerabilities, misconfigurations, and compliance gaps.
Validate findings against the latest released DISA STIGs and applicable security baselines.
Review of provided checklists and working with system admins in identifying gaps for POA&M creation.
Assess and track vulnerabilities in accordance with DoD timelines and risk severity.
Correlate vulnerabilities with IAVA/IAVM notices and ensure timely remediation or mitigation.
Develop and maintain Plan of Action and Milestones (POA&M) documentation.
Maintenance of Risk Acceptance (RA) POA&M items within SOR (System of Record) and coordinating with System administrators to validate that RA is required instead of a POA&M.
STIG Compliance & Hardening
Apply and validate Security Technical Implementation Guides (STIGs) across operating systems, applications, and network devices.
Conduct manual and automated STIG compliance checks using tools such as ACAS Audit checks, STIG Viewer, SCAP Compliance Checker (SCC), and Evaluate-STIG.
Document compliance status and provide remediation guidance to system administrators.
Support system hardening efforts aligned with DoD baseline configurations.
Ensure that golden images are maintained for Servers (RHEL and Windows) and Workstations following STIG guidance.
IAVA/IAVM Management
Monitor and assess Information Assurance Vulnerability Alerts (IAVAs) and Bulletins (IAVBs).
Determine system applicability and operational impact.
Coordinate remediation actions and track compliance deadlines.
Maintain IAVA compliance reporting and documentation for audits.
Continuous Monitoring (Con Mon)
Execute Continuous Monitoring activities in accordance with RMF Step 6.
Monitor security controls for effectiveness and ongoing compliance.
Conduct control assessments and assist with periodic security reviews.
Support automated and manual data collection for Con Mon dashboards and reporting.
Identify trends, recurring issues, and systemic risks across systems.
RMF & Compliance Support
Support RMF activities across all six steps, with emphasis on control implementation validation, security control assessment support, ongoing authorization (ATO sustainment), update and maintain RMF artifacts including the System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and Security Assessment Plan (SAP), and map vulnerabilities and findings to NIST SP 800-53 controls.
Reporting & Documentation
Generate vulnerability and compliance reports for leadership and Authorizing Officials (AOs).
Provide risk‑based recommendations and remediation strategies.
Maintain audit‑ready documentation in accordance with DoD and agency requirements
Other duties…