Analyst Mid

Job Description

ECS is seeking an Analyst Mid to work in Windsor Mill office.

Position Responsibilities:

The Mid Vulnerability Analyst will support a wide array of information systems and security technologies in a highly federated government environment. The ideal candidate for this position is a fast learner with vulnerability management experience. This role is vital for the continuous identification, assessment, and prioritization of vulnerabilities using network management and vulnerability scanning tools (e.g., Dbprotect, Tenable Security Center, Forescout, Invicti).

The ideal candidate will conduct a thorough analysis of vulnerabilities identified by cybersecurity tools and prioritize them effectively according to the risk they pose to the organization, specifically by assessing the potential impact on the organization if exploited, and the likelihood of exploitation.

Other responsibilities include but are not limited to:

Develop reports utilizing network and vulnerability management tools and a Security Data Lake to detect and evaluate vulnerabilities.

o Correlate threat telemetry from various sources through the enterprise environment.

o Generate regular reports on vulnerability management activities, including progress, risk reduction, and key performance indicators. Provide insights to leadership on the organization's vulnerability landscape.

o Collaborate with system owners and support teams to validate findings and provide vulnerability information to stakeholders.

o Perform detailed examination of reported vulnerabilities to discern and diminish false positives, ensuring that the organization's resources are accurately targeted.

Systematically, prioritize vulnerabilities, ranking them not only by their technical severity but also by their relevance to the organization's unique environment and potential business impact.

o Work to analyze and create Cyber Hygiene reports to assist with agency compliance and prioritizing remediation efforts.

o Scrutinizing disclosed vulnerabilities from external security researchers, verifying their legitimacy, assessing severity, exploitation complexity, and

potential impact

o Use insights derived from our security data lake to conduct analysis, supporting the development of improved security measures.

o Generate management reports on vulnerability management activities, including progress, risk reduction, and key performance indicators geared to providing insights to leadership on the organization's vulnerability landscape.

Collaborating with pertinent government leads and technical teams to apprise, notify, and aid in mitigating identified vulnerabilities.

o Collaborate with incident response tickets related to disclosed vulnerabilities, encompassing ticket development, updates, and closure, focusing exclusively on security incidents reported in our Enterprise Application.

Stay up to date with the latest security threats and vulnerabilities to respond quickly to potential risks.

Generating and maintaining comprehensive records and reports of all disclosed incidents, vulnerabilities, actions taken, and outcomes, including trend analysis, response efficacy, and program maturation recommendations.

Demonstrating extensive proficiency in current and emerging cybersecurity threats and incident response, staying abreast of evolving threats, security trends, and industry best practices to accurately validate, categorize, and offer program enhancement suggestions.

Salary Range: $ - $
General Description of Benefits:
Benefits Link

Required Skills

Job Requirements:

2 to 4 years of progressive Cyber Security experience identifying, analyzing, and communicating cyber threat and vulnerability information

Experience applying threat and vulnerability analysis models (e.g. Mitre ATT&CK Framework, and the Common Vulnerability Scoring System (CVSS)).

Proven experience working in a large and complex network.

Experience performing vulnerability assessments or penetration testing.

Ability to obtain a security clearance.

Bachelor's degree or equivalent in a computer-related field.

Desired Skills

Certifications/Licenses:

Security +, Network +, and/or CCNA are a plus.

Preferred Experience:

Knowledge…