Listing Description
XOR Security is looking for a Vulnerability Remediation Manager/Attack Surface
Reduction Specialist to perform the following duties:
• Engage stakeholders (System Owners, Administrators, ISSOs, ISSMs) to assess and
prioritize vulnerabilities for HVA program and develop plans for remediation or risk
mitigation activities
• Track planning efforts for remediation activities and provide reporting to
federal and contract leadership
• Develop an accurate and updated Cybersecurity Penetration Program Test Plan that
reflects changes to the Release Plan.
• Develop a complete and timely Risk and Vulnerability Assessment (RVA) with both
internal and external security testing and penetration testing in which assessors mimic
real-world attacks to identify methods for circumventing the security features of an
application, system, or network. Deliverables for Penetration Testing include, but are not
limited to, a Rules of Engagement (RoE) document containing the type and scope of
testing, and client contact details and a Penetration Test Report that includes an executive
summary, a contextualized walkthrough of technical risks, potential impact of
vulnerabilities found, and vulnerability remediation options.
• Support the creation and collaborative update of the program IT Security and Penetration
Test Strategy and Test Plan.
• Facilitate meetings and interviews to collaborate with the Cybersecurity SRM Penetration
Testing Office and other Vulnerability Management stakeholders.
• Assess program test integration processes and document findings for improvement.
• Conduct a comprehensive review of MITRE Attack Tactics, Techniques, and Common
Knowledge (ATT&CK), ATT&CK for Left of Exploit (PRE-ATT&CK) and Qualys
Vulnerability Management, Detection, and Response (VMDR) for accuracy and
conformity with cross-project test execution.
• Develop vulnerability detection plugins for custom and in-house developed applications,
zero-day and other vulnerabilities where the VMDR platform does not provide detection
capabilities.
• Update and adjust platform-defined vulnerability impact ratings to ensure prioritization
accurately reflects the risk.
• Support continuous improvement activities by evaluating mitigation and detection
capabilities, developing repeatable testing processes and monitoring remediation
progress.
• Conduct focused technical analyses (Network Mapping, Vulnerability Scanning, &
Penetration Testing) in support of the program, releases, and projects including
architecture and engineering tasks.
• Conduct platform, data, performance and software engineering analyses and feasibility
studies in accordance with the Common Vulnerability Scoring System (CVSS).
Required qualifications:
• Minimum 3 years of experience as a cybersecurity analyst
• Minimum Associate's Degree
• Strong analytical and technical skills in computer network defense operations, ability to
lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous
pattern detection and content management) and Malware Analysis.
• Ability to identify assets on an agreed upon IP address space or network range(s) using a
network mapping tool.
• Identify IT vulnerabilities using a vulnerability scanning tool and develop a Vulnerability
Scanning Risk Assessment document that includes an executive summary, risk
assessment reports, and/or dashboards.
• Prior experience with, and ability in, analyzing information technology security events to
discern events that qualify as legitimate security incidents as opposed to non-incidents.
This includes security event triage, incident investigation, implementing
countermeasures, and conducting incident response.
• Ability to develop rules, filters, views, signatures, countermeasures and operationally
relevant applications and scripts to support analysis and detection efforts.
• Strong proficiency in report writing – a technical writing sample and technical editing test
will be required if the candidate has no prior published intelligence analysis reporting,
excellent verbal and written communications skills and ability to produce clear and
thorough security incident reports and briefings.
• A working knowledge of the various operating systems and platforms (e.g., Windows,
OS X, Linux, Solaris, RHEL, SunOS, IBM z/OS Mainframe etc.) commonly deployed in
enterprise networks, a conceptual understanding of Windows Active Directory is also
required, and a working knowledge of network communications and routing protocols
(e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and
standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
• Experience with the identification and implementation of counter-measures or mitigating
controls for deployment and implementation in the enterprise network environment.
Desired qualifications:
• Experience with Qualys (or other enterprise vulnerability and compliance tools), data
analytic platforms (Splunk, Palantir), and mainframe security tools (Vanguard, z/OS)
• Candidates with active IRS Moderate-Risk Background Investigation (MBI) clearances
are strongly desired
• Bachelor’s Degree in Information Technology, Cyber Security, Computer Science,
Computer Engineering, or Electrical Engineering
• One or more of the following certifications: GCIA, GCED, GCFA, GCFE, GCTI,
GNFA, GCIH, ECSA, CHFI, Security+, Network+, CEH.
• An understanding of researching Emerging Threats and recommending monitoring
content within security tools.
• Familiar with DHS CISA’s High Value Asset (HVA) Risk and Vulnerability Analysis
(RVA) process
• Experience with performing assessments on High Value Assets (HVAs)
• Experience with one or more of the following technologies and specific tools: Splunk
(including Core, Phantom and ES), Vanguard, Qualys, z/OS, Palantir
Closing Statement:
XOR Security offers a very competitive benefits package including health insurance coverage
from first day of employment, 401k with a vested company match, vacation and supplemental
insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet
eligibility requirements – US CITIZENSHIP REQUIRED.
Listing Details
- Salary: $120000 - $140000
- Citizenship: US Citizen
- Incentives: Not Provided
- Education: Bachelor's Degree
- Travel: No Travel
- Telework: Full Telecommute