Vulnerability Analyst

at  Astrion

REQUIRED QUALIFICATIONS / SKILLS

• BA/BS or 4 years additional equivalent experience.
• 2 years IT experience specialized in scanning systems, information assurance support, and/or assessing systems.
• At least one of the following certifications: CompTIA Security+, CISSP, ISACA CISA, GIAC GSEC, GIAC GSNA, GIAC GPEN or CEH.
• Required Security Clearance: Ability to obtain NRC IT-I

DESIRED QUALIFICATIONS / SKILLS

• Previous experience administrating (or a comprehensive working knowledge) of the following technologies
• Windows Server
• Web Servers (IIS, Apache)
• Databases (MS SQL, MySQL)
• Linux (RHEL / CentOS)
• Familiarity with DISA STIGs, SCAP content, Tenable Audit files, and / or CIS Benchmarks.
• Knowledge of system and application security threats and vulnerabilities.
• A working understanding of wireless networking protocols and security mechanisms is a plus.
• Experience with vulnerability scanning tools, such as Tenable Security Center / Nessus is a plus.
• Ability to prioritize and complete tasks efficiently and effectively.
• Comfortable working individually and as part of a team.
• Scripting ability (e.g., PowerShell, VBA) is a plus.
• Proficiency with Microsoft Office applications, primary importance on Word and Excel.

WHO WE ARE

At Astrion, we innovate, elevate, and shape the world of tomorrow. At our core is our purpose to “Be the Difference”. This means we encourage our employees to take action and be the driving force for positive change. We foster an environment where innovative solutions flourish and our company continuously evolves.
We have a culture of care, empathy, and making a tangible difference within our organization and communities. We embrace continuous learning, growth, and innovation, and pushing the boundaries of what’s possible. We promote collaboration and empowering our teams is at the core of our success.

• Coordinate with the project management team and the customer to fulfill testing requirements for projects within the project schedule time frame.
• Conduct automated and manual scans verifying compliance with customer standards, DISA STIGs, CIS Benchmarks, vender security hardening documentation, and industry best practices.
• Conduct wireless scans using a customer owned wireless scanning laptop
• Reports of results will include screenshots of heatmaps, analysis of potential rogue access points, and recommendations for minimizing risk as necessary.
• Research and evaluate threats and vulnerabilities to assist in prioritization of remediation actions.
• Compile, organize, and report vulnerabilities and mitigation results to quantify program effectiveness.
• Develop vulnerability assessment reports depending on assigned effort using customer approved templates.
• Meet with stakeholders to review scan results and project deliverables.
• Advise stakeholders on appropriate remediation & mitigation solutions.
• Update customer owned scanning laptops, to include OS updates, application updates, and vulnerability plugins.
• Other duties as assigned.