Note: The job is a remote job and is open to candidates in USA. cFocus Software seeks a Vulnerability Analyst to join our program supporting the National Institutes of Health (NIH). This role involves developing and implementing vulnerability management strategies and conducting vulnerability assessments to enhance the cybersecurity posture of NIH enterprise systems.
Responsibilities
- Direct vulnerability scanning activities across NIH enterprise systems
- Develop enterprise vulnerability management strategies
- Establish vulnerability assessment priorities based upon risk
- Continuously improve enterprise vulnerability management capabilities
- Analyze enterprise vulnerability scan results
- Perform vulnerability prioritization using risk-based methodologies
- Identify critical vulnerabilities requiring immediate remediation
- Evaluate exploitability and business impact
- Conduct root cause analysis
- Validate corrective actions
- Track vulnerability trends and recurring issues
- Coordinating remediation efforts with System Owners
- Tracking remediation progress
- Monitoring SLA compliance
- Escalating critical vulnerabilities within required timeframes
- Validating remediation completion
- Supporting risk acceptance processes
- Reducing enterprise cybersecurity risk
- Monitoring aging vulnerabilities
Skills
- Public Trust Clearance
- B.S. Computer Science, Information Technology, or a related field
- 7+ years with vulnerability assessments or vulnerability management programs
- Experience managing enterprise vulnerability scanning solutions
- Experience with penetration testing efforts
- Experience supporting Federal cybersecurity programs
- Experience with RMF, FISMA, and NIST guidance
- Experience developing executive cybersecurity reports
- Ability to obtain and maintain NIH suitability/background investigation
Company Overview