Vulnerability Analysts

About the Team: The Classified Cyber Security team at STR is comprised of highly skilled professionals who are responsible for maintaining compliance IAW with Government protocol and directives. The Classified Cybersecurity (CCS) team consists of a collaborative group of ISSM's, ISSO's, and ISSE's who are passionate about national security that take great pride in maintaining confidentiality, integrity, and availability of our Information Systems and enable execution of STRs portfolio of programs across a vast customer base. The Role: STR has an exciting opportunity for a cybersecurity professional to join our established Cybersecurity/Risk Management Framework (RMF) program as a key contributor for classified programs. In this dynamic position, you will interface and collaborate with other Cybersecurity professionals (ISSMs, ISSOs, ISSEs), Security professionals (CPSOs, FSOs), and System Administrators from our Classified Information Technology (CIT) organization. The role will focus on Vulnerability Management across STR's classified computer networks. This includes managing configuration changes to STR's baseline software and hardware, supporting security architecture improvements, and patch process for current and future technologies. The ideal candidate is expected to bring strong technical skills to enhance STR Vulnerability Management processes, along with a demonstrated eagerness to learn and develop within the classified lab ISSE function. Please note: This is an onsite role and does not offer remote or hybrid work options. Responsibilities: Review, track, and manage IA Vulnerability (IAVA) announcements (e.g., US-CERT, CISA, vendor alerts, etc.) applicable to STR's classified networks, ensuring they are communicated to stakeholders and tracked to closure. Perform vulnerability/compliance scanning and remediation tracking. Perform monthly patch testing for all classified network supported operating systems, applications, and hardware (i.e. firmware, BIOS, appliances - switch, firewall, etc.). Prepare System Impact Assessments from the monthly patch testing for communication to the Classified Network Enterprise Configuration Control Board. Prepare and provide metrics on vulnerability status, patch compliance, and the overall risk posture of the various classified networks. Proactively identify potential improvements to the patching processes primarily for 3 rd party vendors and firmware updates. Assist ISSMs, ISSOs, ISSEs in monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities. Conduct reviews and technical inspections to identify and mitigate potential security weaknesses, ensuring all security features are implemented and functional. Support the completion of Continuous Monitoring requirements in accordance with RMF and NIST SP800-53 standards. Perform other tasks as assigned by the manager. Who You Are: Security Clearance: Active Secret security clearance with the ability and willingness to obtain Top Secret, SCI, and/or SAP access (U.S. citizenship required). Experience: 2-3 years of hands-on technical experience in Information Assurance/Cyber Engineering or System Administration in the Defense Industrial Base (DIB) Experience with Windows Server Update Services (WSUS) and Linux patching Certification: Minimum of a DoD 8140/8570 IAT Level II certification (Security+) with the willingness and ability to obtain Level III (CISSP, CISM). Knowledge: Knowledge of NIST SP800-53 control implementation and assessment, looking to learn and advance in Cybersecurity field. Familiarity: Knowledge of the DCSA Authorization and Assessment Process Manual/Guide (DAAPM/DAAG) and the Joint Special Access Implementation Guide (JSIG). Technical Skills: Configuration, certification, and auditing/analysis of Windows/Linux operating systems and system virtualization in peer-to-peer, LAN & WAN networks. Using IA vulnerability/compliance scanning tools (e.g. NMap, ACAS, Nessus, Security Content Automation Protocol (SCAP)). Familiarity with scripting in Windows (PowerShell) and Linux (Bash, Ansible) to enhance deployment of patches to systems. Attributes: Excellent communication skills, detail-oriented, self-starter with a focus on understanding STR CCS and CIT processes and procedures. A desire for continuous improvement while working in a team environment and the ability to handle multiple fast-changing priorities/projects effectively. Well-organized, with the ability to track multiple issues and establish processes to assist the team in tracking items to closure. Pay Information Full-Time Salary Range: $105,000-$145,000 The salary range listed is based on external market data. Offers are based on factors, such as but not limited to, the candidate's experience, education, training, key skills/critical skills, security clearances, and prevailing market and business conditions. STR is a growing technology company with locations near Boston, MA, Arlington, VA, near Dayton, OH, Melbourne, FL, and Carlsbad, CA. We specialize in advanced research and development for defense, intelligence, and national security in: cyber; next generation sensors, radar, sonar, communications, and electronic warfare; and artificial intelligence algorithms and analytics to make sense of the complexity that is exploding around us. STR is committed to creating a collaborative learning environment that supports deep technical understanding and recognizes the contributions and achievements of all team members. Our work is challenging, and we go home at night knowing that we pushed the envelope of technology and made the world safer. STR is not just any company. Our people, culture, and attitude along with their unique set of skills, experiences, and perspectives put us on a trajectory to change the world. We can't do it alone, though - we need fellow trailblazers. If you are one, join our team and help to keep our society safe! Visit us at www.str.us for more info. STR is an equal opportunity employer. We are fully dedicated to hiring the most qualified candidate regardless of race, color, religion, sex (including gender identity, sexual orientation and pregnancy), marital status, national origin, age, veteran status, disability, genetic information or any other characteristic protected by federal, state or local laws. If you need a reasonable accommodation for any portion of the employment process, email us at [email protected] and provide your contact info. Pursuant to applicable federal law and regulations, positions at STR require employees to obtain national security clearances and satisfy the requirements for compliance with export control and other applicable laws. Apply tot his job Apply To this Job