Vulnerability Analyst

Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.

• Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
• Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
• Conduct technical reviews of continuous audit and vulnerable assessment data, collaborate with threat intelligence section to inform prioritized patch management based on risk and impact within the environment.

Knowledge, Skillset, and Abilities (KSAs):

• Knowledge of risk management processes
• Knowledge of cyber threats and vulnerabilities
• Knowledge of application vulnerabilities
• Knowledge of host/network access control
• Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• Knowledge of network access, identity, and access management
• Knowledge of how traffic flows across the network
• Knowledge of system and application security threats and vulnerabilities
• Knowledge of different classes of attacks
• Knowledge of ethical hacking principles and techniques
• Knowledge of network protocols
• Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems
• Skill in assessing the robustness of security systems and designs
• Skill in using network analysis tools to identify vulnerabilities
• Skill in reviewing logs to identify evidence of past intrusions
• Skill in conducting application vulnerability assessments
• Skill to develop insights about the context of an organization’s threat environment
• Ability to identify systemic security issues based on the analysis of vulnerability and configuration data
• Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture
• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

Education and Related Experience for Each Level:

• Level 4 - PhD in a technical field with limited experience or Master’s degree in a technical field and 2 to 5 years of related experience or Bachelor’s degree in a technical field and 5 to 10 years of related experience or Associates degree in a technical field and 10 to 15 years of related experience. Requires demonstrated in-depth knowledge and skills in a technical specialty.
• Level 5 - PhD in a technical field and 2 to 5 years of related experience or Master’s degree in a technical field and 5 to 10 years of related experience or Bachelor’s degree in a technical field and 10 to 15 years of related experience or Associates degree in a technical field and 15 to 20 years of related experience. Requires demonstrated in depth knowledge and skills in a technical specialty. Recognized as an expert in their field.
• Level 6 - PhD in a technical field and 5 or more years of related experience or Master’s degree in a technical field and 10 or more years of related experience or Bachelor’s degree in a technical field and 15 or more years of related experience or Associates degree in a technical field and 20 or more years of related experience. Requires demonstrated in-depth knowledge and skills in a technical specialty. This level should be limited to a small population. Recognized as an expert in their field.

Clearance Requirement:

• Desired Dept. of Energy Q, required Dept. of Energy L.

Miscellaneous:

• Must be a U.S. citizen, at this time we are not accepting applications from Visa or Green Card holders.

Job Types: Full-time, Contract

Pay: $130,000.00 - $140,000.00 per year

Compensation package:

• Yearly pay

Schedule:

• 8 hour shift
• Monday to Friday

Application Question(s):

• Do you currently possess or have the ability to obtain a Dept. of Energy L or Q clearance?

Education:

• Associate (Required)

Experience:

• Network analysis: 2 years (Preferred)
• Technical Surveillance, Countermeasure Reviews [TSCM]): 2 years (Preferred)
• TEMPEST countermeasure reviews: 2 years (Preferred)
• reviews of audit and vulnerable assessment data: 2 years (Preferred)
• Vulnerability assessment: 2 years (Preferred)

Ability to Commute:

• Oak Ridge, TN 37830 (Required)

Ability to Relocate:

• Oak Ridge, TN 37830: Relocate before starting work (Required)

Work Location: Hybrid remote in Oak Ridge, TN 37830