Vulnerability Assessment Analyst - Suburban MD & Hybrid

We are GDIT. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country.

HOW A VULNERBILITY ASSESMENT ANALYST WILL MAKE AN IMPACT: The Vulnerability Assessment Analyst is responsible for providing timely publication and dissemination of actionable security notifications through Security Alerts, Advisories, Bulletins, and other mediums to promote awareness of identified vulnerabilities or enterprise deficiencies. The candidate shall further contribute to the actionable security notifications through correlation, contextualization, and prioritization based on applicability to the enterprise

In this role, a typical day will include

• Monitor and assess threats and vulnerabilities with identified weighted measures to evaluate the risk exposure to the enterprise.
• Monitor the cyber enterprise health and metrics dashboard reporting to identify potential vulnerabilities or deficiencies.
• Expedite remediation and/or mitigation of critical and high vulnerabilities by coordinating with relevant stakeholders and ensuring timely resolution.
• Identify, review, and assess vulnerability remediation actions and data call security flaw reporting to provide accurate and comprehensive analysis of vulnerabilities.
• Conduct vulnerability analysis and assessment for 'Zero Day' and 'Critical' security stack-related vulnerabilities that threaten the IRS enterprise, and provide deep-dive analysis and brief leadership as needed.
• Possess knowledge of endpoint and server engineering/system administration to understand the technical aspects of vulnerabilities and their impact on enterprise systems.
• Conduct daily exhaustive research to identify all vulnerabilities that could threaten the IRS Enterprise using multiple credible sources, and provide timely publication and dissemination of actionable security notifications in the form of Alerts, Advisories, and Bulletins.
• Maintain/update a centralized repository of applicable threats and vulnerabilities that potentially impact enterprise systems and applications for reference and analysis purposes.
• Manage Data Calls until resolution, including initial analysis of vulnerability impact, coordinate communications with affected Business Units (BUs), report remediation progress, and ensure directed remediation guidelines are fully completed within the required timeline.
• Formulate metrics and mitigation strategies by analyzing risk exposure and Vulnerability Analysis to proactively identify and address potential vulnerabilities.
• Understand Patch and Remediation methodologies for multiple operating systems to effectively assess and mitigate vulnerabilities in the enterprise environment.

WHAT YOU’LL NEED TO SUCCEED:

• Bachelor's degree in Computer Science, Information Security, or a related field and three plus years of experience,
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or GIAC Certified Vulnerability Analyst (GCVA) are preferred.
• Strong knowledge of vulnerability assessment and analysis methodologies, tools, and techniques.
• Experience in monitoring and assessing threats and vulnerabilities in a large enterprise environment.
• Excellent analytical skills to correlate and contextualize security notifications based on enterprise applicability.
• Ability to conduct in-depth research to identify vulnerabilities from multiple credible sources.
• Strong communication skills to effectively publish and disseminate actionable security notifications.
• Understanding of patch and remediation methodologies for multiple operating systems.
• Ability to work independently and collaboratively in a fast-paced environment.
• Knowledge of endpoint and server engineering/system administration to understand technical aspects of vulnerabilities.
• Experience in managing data calls and coordinating with business units for vulnerability remediation.
• Strong organizational skills to maintain/update a centralized repository of vulnerabilities and track remediation progress.

Location: Hybrid-one day a week on site

US Citizenship Required

GDIT IS YOUR PLACE:
● Full-flex work week to own your priorities at work and at home
● 401K with company match
● Comprehensive health and wellness packages
● Internal mobility team dedicated to helping you own your career
● Professional growth opportunities including paid education and certifications
● Cutting-edge technology you can learn from
● Rest and recharge with paid vacation and holidays