XOR Security is looking for a Vulnerability Remediation Manager/Attack Surface
Reduction Specialist to perform the following duties:
• Engage stakeholders (System Owners, Administrators, ISSOs, ISSMs) to assess and prioritize vulnerabilities for HVA program and develop plans for remediation or risk mitigation activities
• Track remediation planning efforts of remediation activities and provide reporting to federal and contract leadership
• Develop an accurate and updated Cybersecurity Penetration Program Test Plan that reflects changes to the Release Plan.
• Develop a complete and timely Risk and Vulnerability Assessment (RVA) with both internal and external security testing and penetration testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network.
• Support the creation and collaborative update of the program IT Security and Penetration Test Strategy and Test Plan.
• Facilitate meetings and interviews to collaborate with the Cybersecurity SRM Penetration Testing Office and other Vulnerability Management stakeholders.
• Assess program test integration processes and document findings for improvement.
• Conduct a comprehensive review of MITRE Attack Tactics, Techniques, and Common Knowledge (ATT&CK), ATT&CK for Left of Exploit (PRE-ATT&CK) and Qualys Vulnerability Management, Detection, and Response (VMDR) for accuracy and conformity with cross-project test execution.
• Develop vulnerability detection plugins for custom and inhouse developed applications, zero day and other vulnerabilities where the VMDR platform does not provide detection capabilities.
• Update and adjust platform-defined vulnerability impact ratings to ensure prioritization accurately reflects the risk.
• Support continuous improvement activities by evaluating mitigation and detection capabilities, developing repeatable testing processes and monitoring remediation progress.
• Conduct focused technical analyses (Network Mapping, Vulnerability Scanning, & Penetration Testing) in support of the program, releases, and projects including architecture and engineering tasks.
• Conduct platform, data, performance and software engineering analyses and feasibility studies in accordance with the Common Vulnerability Scoring System (CVSS).
• Minimum 3 years of experience as a cybersecurity analyst
• Minimum Associates Degree
• Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous pattern detection and content management) and Malware Analysis.
• Ability to identify assets on an agreed upon IP address space or network range(s) using a network mapping tool.
• Identify IT vulnerabilities using a vulnerability scanning tool and develop a Vulnerability Scanning Risk Assessment document that includes an executive summary, risk assessment reports, and/or dashboards.
• Prior experience and ability to with analyzing information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.
• Ability to develop rules, filters, views, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts.
• Strong proficiency Report writing – a technical writing sample and technical editing test will be required if the candidate has no prior published intelligence analysis reporting, excellent verbal and written communications skills and ability produce clear and thorough security incident reports and briefings.
• A working knowledge of the various operating systems and platforms (e.g., Windows, OS X, Linux, Solaris, RHEL, SunOS, IBM z/OS Mainframe etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
• Experience with the identification and implementation of counter-measures or mitigating controls for deployment and implementation in the enterprise network environment.
• Experience with Qualys (or other enterprise vulnerability and compliance tools), data analytic platforms (Splunk, Palantir), and mainframe security tools (Vanguard, z/OS)
• Candidates with active IRS Moderate-Risk Background Investigation (MBI) clearances are strongly desired
• Bachelor’s Degree
• One or more of the following certifications: GCIA, GCED, GCFA, GCFE, GCTI, GNFA, GCIH, ECSA, CHFI, Security+, Network+, CEH.
• An understanding in researching Emerging Threats and recommending monitoring content within security tools.
• Familiar with DHS CISA’s High Value Asset (HVA) Risk and Vulnerability Analysis (RVA) process
• Experience with performing assessments on High Value Assets (HVAs)
• Experience with one or more of the following technologies and specific tools: Splunk
(including Core, Phantom and ES), Vanguard, Qualys, z/OS, Palantir
- Salary: $110000 - $140000
- Citizenship: Us Citizen
- Incentives: Not Provided
- Education: Bachelors Degree
- Travel: No Travel
- Telework: Full Telecommute