Vulnerability Assessment Analyst - Hybrid - XOR Security Washington, District of Columbia, United States Bookmark Share Print 251 0 0

Listing Description

Job Description:

XOR Security is currently seeking talented, experienced Vulnerability Assessment Analysts for an exciting position supporting one of our premier clients. Our project is aimed at establishing cutting-edge techniques for network defense, identifying threats and detecting malicious activity using advanced toolsets.  The ideal candidate will have experience with Vulnerability Assessment/Analysis, Security Controls Assessment, Continuous Monitoring, Continuous Authorization, and FedRAMP assessments and will keep up to date on emerging trends in the cyber security field. 


Washington D.C., USA – On site 3 times a week

Skills and Qualifications:

Required Qualifications:

  • An industry certification such as CASP, CAP, CISSP, CISM, GSEC, GMON, Security+

  • 7 years of experience in Information Assurance

  • Bachelor’s Degree in Computer Science, Computer Engineering, Information Systems or equivalent experience. 

  • In-depth understanding and hands-on experience with Qualys, to include scanning with Security Technical Information Guides (STIG) and CIS benchmarks

  • MS Excel pivot tables

Job Duties:

  • Leverage enterprise scanning applications or tools approved by the government to complete this task. The vulnerability management support will require the Contractor to provide routine and ad-hoc automated vulnerability scans, scans in support of audits, scan result analysis, and validation scans of remediated vulnerabilities identified during Vulnerability Assessment & Penetration Testing engagements.

  • Support vulnerability scans of information systems that are on-premises and hybrid cloud systems as necessary

  • Support scanning and testing at the application and database level and shall refine and mature scanning metrics and thresholds to positively affect program maturity

  • Work with system owners, system administrators and ISSOs to define the scope, develop a test plan, and rules of engagement as necessary

  • Analyze weekly DHS Cyber Hygiene reports, facilitate remediation of findings therein, and promote comprehensive scanning coverage of all Internet- reachable IT assets

  • Identify corrective actions, compensating controls, and assist with POA&M development in CSAM

  • Identify mitigations for non-compliance, notify stakeholders of compliance issues and, where required, perform these mitigations

  • Take into account any infrastructure challenges and make recommendations for improvements where needed. This includes third party service provider hosted Software as a Service (SaaS), Platform as a Service (PaaS) instances as well as Infrastructure as a Service (IaaS)

  • Provide expertise in the review of new vulnerability technologies and capabilities and shall interact with other technology divisions to facilitate deployment

 Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and PUBLIC TRUST CLEARANCE REQUIRED.


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided


  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided

About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

Our Contacts

1765 Greensboro Station Pl.
Suite 900
Tysons Corner Va 22102

(703) 594-7765