Vulnerability Analyst, Journeyman

Qualifications

• 2 years with BS/BA; 0 years with MS/MA; 6 years with no degree
• Clearance: Active TS/SCI clearance.
• Candidate must meet ONE of the following:
• Bachelor’s degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR
• Relevant DoD/military training (examples: 531‑25B40‑C46; DISA (541) Training; Vulnerability Assessment Analyst (Intermediate) Playlist; E3ABR1D731D00BB); OR
• Relevant professional certification or equivalent experience (examples: CEH(P); RCCE Level 1; CompTIA Cloud+; CPTE; FITSP‑A; GCED; GCIH; GCSA; GICSP; GSEC; PenTest+; Security+).
• Required experience and skills:
• Vulnerability assessment, scanning, or security operations experience.
• Hands‑on experience with ACAS/Nessus, Forescout/NAC, STIG validation, and eMASS or equivalent RMF evidence workflows.
• Ability to validate exploitability, document reproducible findings, update POA&Ms, and coordinate retesting and remediation verification.
• Proficiency with vulnerability dashboards, reporting, and basic scripting or automation to streamline validation tasks.
• Strong documentation and communication skills for producing audit‑quality evidence and operational summaries.
• Desired:
• Prior DoD/ARNG vulnerability assessment or CCRI support experience.
• Experience integrating vulnerability management with detection engineering, patch orchestration, and threat intelligence for prioritized remediation.

#ENOCS

We are seeking a highly skilled and innovative Vulnerability Analyst, Journeyman to join our team in the greater DMV area, supporting the Army National Guard.

Responsibilities

• Execute vulnerability scans (ACAS, Forescout, Nessus, etc.), review results, and validate findings to identify weaknesses across systems, networks, cloud services, and applications.
• Confirm exploitability, classify technical risk, and correlate scan outputs with asset inventories, configuration baselines, and patch records.
• Review STIG compliance results, verify remediation evidence, update POA&Ms, and upload evidence and artifacts into eMASS and enterprise tracking tools.
• Retest remediations, validate fixes, and coordinate remediation actions with system admins, engineers, and cybersecurity teams.
• Document analysis steps, maintain case records, and prepare operational summaries, trend reports, and vulnerability dashboards to support continuous monitoring and CCRI readiness.
• Identify recurring issues and visibility gaps; recommend scanning/workflow improvements and support automation of validation where feasible.
• Support RMF compliance by producing audit‑quality evidence, tracking remediation progress, and contributing to metrics for leadership reporting.

#ENOCS