Tyto Athene is searching for a Vulnerability Assessment Team (VAT) Analyst Lead to support a law enforcement customer in Ashburn, VA. In this role, you will work closely with threat hunters, threat analysts, and an established SOC—playing a critical part in identifying, assessing, and mitigating vulnerabilities as we hunt down and defend against the most advanced global threats.
Responsibilities:
- Lead enterprise vulnerability assessment efforts and security testing activities.
- Perform vulnerability scanning and analysis across complex networks and systems.
- Provide clear, actionable remediation guidance and track remediation efforts to completion.
- Support the development, implementation, and maintenance of enterprise vulnerability management services and processes.
- Operate, configure, and optimize agency tools and technologies used for vulnerability testing, scanning, and threat identification.
- Review and update vulnerability management plans, policies, and documentation.
- Coordinate scanning schedules, scope, and requirements with stakeholders and system owners.
- Review, analyze, validate, and report vulnerability scan results and findings.
- Maintain a repository of vulnerability assessment tool and application issues; report issues to the Government VAT Team Lead and SSD Director.
- Apply Information Systems Security principles and relevant security methodologies across the vulnerability lifecycle.
- Assist with Application Security efforts, including secure configuration and vulnerability testing.
- Leverage understanding of Firewall Management and Advanced Threat Protection solutions.
- Apply expertise related to Access Control, Authorization, IDS/IPS, and protocol analysis.
- Ensure proper handling of sensitive and classified information protocol requirements.
- Ensure compliance with FISMA, NIST, and Risk Management Framework (RMF) standards.
Required:
- Minimum 5 years of experience performing enterprise vulnerability assessments.
- Strong background analyzing vulnerabilities and providing remediation instructions.
- Experience operating vulnerability scanning platforms and assessment tools.
- Knowledge of Application Security concepts and secure system implementation.
- Understanding of Firewall Management, ATP tools, access control, IDS/IPS, and protocol analysis.
- Familiarity with classified information handling requirements.
- Experience working in compliance-driven environments (FISMA, RMF, NIST).
- Strong analytical, communication, and reporting skills.
Desired:
- CISSP - Certified Information Systems Security Professional
- Certified Ethical Hacker (CEH) or one of the following: DoD 8570 IAT Level II or IAM Level I or CSSP Analyst / Incident Responder
- GCFA - GIAC Certified Forensic Analyst
- GCFE - GIAC Certified Forensic Examiner
- GREM - GIAC Reverse Engineering Malware
- GNFA - GIAC Network Forensic Analyst
Location:
Clearance:
- TS/SCI Clearance required
