Information Assurance Security Specialist; Vulnerability Assessment Analyst

Information Assurance Security Specialist (Vulnerability Assessment Analyst)

Location:

San Antonio, TX (In Office)

Executes vulnerability management activities for DDSB systems by scanning, analyzing findings, and driving remediation with operations and engineering teams. This role reduces cyber risk by turning scan data into prioritized, trackable corrective actions.

Founded in 1998 and headquartered in San Antonio, Texas, X Technologies, Inc. is a leading technology services provider specializing in engineering, manufacturing, cybersecurity, and test system development. We primarily support the Department of Defense (DoD) and various commercial clients, delivering innovative, mission‑critical solutions that enhance security, efficiency, and operational readiness.

• Support the mission of the Information Systems Security Officer by ensuring network resources comply with DoD IA security policies, vulnerability alerts, IAVAs, and other technical advisories identified by USCYBERCOM (United States Cyber Command)/DHA.
• Perform IA scans of network enterprise devices using SCC (SCAP Compliance Checker), manual checks, DISA STIG Viewer, ACAS (Assured Compliance Assessment Solution) Nessus Scanner, ACAS Security Center, and MECM.
• Perform routine and random testing of servers and devices to ensure security compliance.
• Validate deployed security patches and solutions to ensure proper installation and function; verify remediation effectiveness following patching, configuration changes, or compensating controls.
• Maintain and validate asset lists within ACAS and eMASS (Enterprise Mission Assurance Support Services).
• Maintain credentialed scan coverage by resolving non‑credentialing, dead, or misconfigured assets and addressing scan failures and access issues.
• Administer, record, and support upkeep of network resources and implemented changes as reported by CMRS (Continuous Monitoring and Risk Scoring)/ACAS/other scanning tools.
• Identify and drive resolution of discovered discrepancies and security vulnerabilities (missing patches, gaps in network security) through required DHA offices and service functions.
• Create, maintain, and follow POA&Ms (Plans of Action & Milestones) through resolution for issues requiring additional time for testing, solutions development, team collaboration, and deployment to include risk mitigation statements and milestone dates.
• Track and report vulnerability status, trends, and remediation progress to support Government oversight and decision‑making, including leadership visibility for priority vulnerabilities and taskings.
• Report security violations and incidents up the chain of command within established time frames; reply and report to security and associated taskers.

Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Data Science, Engineering, Mathematics, or a closely related discipline or equivalent practical experience (as permitted by the contract). Minimum 4 years of relevant experience supporting enterprise IT environments, with demonstrated work aligned to Information Assurance.

• At least one: CGRC/CAP, CASP+, Cloud+, Pen Test+, Security+, or GSEC.
• Alternate/equivalent certifications may be accepted with Government approval.
• Preferred/Work‑center dependent:
  Microsoft Certified:
  Azure Administrator Associate or Microsoft Certified:
  Windows Server Hybrid Administrator Associate.

Must be able to obtain and maintain Public Trust suitability and all required system access (e.g., CAC‑enabled accounts) to perform duties.

Work is primarily on‑site in San Antonio, TX; limited remote work may be allowed when authorized by the Government and mission requirements permit. Work may require after‑hours, weekend, and/or on‑call support as directed, including support during scheduled maintenance windows, high‑impact incidents, vulnerability response actions, inspections, and surge periods. This position is aligned to applicable DoD Manual 8140.03 work role 803 (NIST:…