CyberSecurity - Vulnerability Assessment Analyst II
Listed on 2026-07-04
-
IT/Tech
Cybersecurity, Information Security
About Agile Defense
At Agile Defense we know that action defines the outcome and new challenges require new solutions. That’s why we always look to the future and embrace change with an unmovable spirit and the courage to build for what comes next.
Our vision is to bring adaptive innovation to support our nation’s most important missions through the seamless integration of advanced technologies, elite minds, and unparalleled agility—leveraging a foundation of speed, flexibility, and ingenuity to strengthen and protect our nation’s vital interests.
Requisition #: 1642
Job Title: Cyber Security - Vulnerability Assessment Analyst II
Location: Huntsville, AL
Clearance Level: Secret, Must Have Clearance to Start
Required Certification(s): IAT2
Job DescriptionRole Overview
The Vulnerability Assessment Analyst II is responsible for identifying, analyzing, and reporting on cybersecurity vulnerabilities across Department of the Army and DoD enterprise networks. This mission-critical role involves utilizing DoD-approved scanning tools to evaluate network enclaves, hardware, and software, ensuring compliance with strict security configurations and assisting engineering teams with remediation strategies to defend against cyber threats.
Duties and Responsibilities:
Vulnerability Scanning
- Execute routine and ad-hoc vulnerability, compliance, and discovery scans using DoD-mandated tools such as the Assured Compliance Assessment Solution (ACAS) / Tenable Nessus and SCAP Compliance Checker.
Analysis & Reporting
- Analyze scan results to identify false positives, evaluate risk levels, and generate actionable vulnerability reports, dashboards, and Contract Data Requirements List (CDRL) deliverables for Army leadership.
Mitigation & Remediation
- Collaborate directly with Systems Administrators, Network Engineers, and Information System Security Officers (ISSOs) to provide technical guidance on patching, remediation, and mitigation strategies.
Compliance & Directives
- Track and enforce compliance with Information Assurance Vulnerability Alerts (IAVAs), Security Technical Implementation Guides (STIGs), and Army Cyber Command (ARCYBER) directives.
Tool & Infrastructure Management
- Assist in the configuration, troubleshooting, and maintenance of the vulnerability scanning infrastructure (e.g., Security Center, Nessus scanners) within an Impact Level 5 (IL5) or secure enclave environment.
Other Duties:
- Performs assessments of systems and networks within the NE or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.
- Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
- Basic understanding and ability to identify vulnerabilities and risk levels. Must be able to assist Level 1 analysts.
- Typically has a bachelor degree, and 2-3 years of experience, or equivalent relevant work experience; e.g., each year of work experience may be substituted for each year of education required.
- Bachelor’s Degree in Cybersecurity, Computer Science, Information Technology, or a related technical field.
- DoD Directive Compliance:
Must meet DoD 8140/8570.01–M requirements for Information Assurance Technical (IAT) Level II (e.g., CompTIA Security+ CE, CySA+, or equivalent).
Experience:
2-3 years of professional experience in cybersecurity, with at least 1 year actively performing vulnerability assessments in a DoD or Army IT environment.
- Technical Proficiency: Hands-on experience operating ACAS (Tenable.sc/Nessus) and applying DISA STIGs using the SCAP toolset.
- RMF & POA&M Management: Demonstrated ability to generate, validate, and assess Plans of Action and Milestones (POA&Ms) for IT systems. Must support all aspects of the Risk Management Framework (RMF), leveraging eMASS and other Customer-utilized systems to ensure Cyber vulnerability controls are successfully maintained and sustained.
- Technical Oversight: Ability to provide technical oversight and risk mitigation recommendations, clearly conveying industry best-practice remediations to the Customer verbally and in formal written formats.
- Continuous Monitoring: De…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).