Performs ongoing, comprehensive vulnerability assessments of network cybersecurity risks to enable risk management and mitigation activities. Monitors the adequacy of cybersecurity measures for information systems and reports vulnerability findings to CSSP Watch leadership. Utilizes vulnerability data sources such as network discovery, network and host vulnerability scanning, penetration testing, operational exercise data, and compliance inspection reports. Assesses asset conformity to specified security requirements. Identifies security vulnerabilities and exposures.
- Four (4) years of demonstrated experience as a VAA in programs and contracts of similar scope, type, and complexity is required.
- One (1) year of demonstrated experience in technical reporting.
- One (1) year of demonstrated experience in network and threat analysis.
- A technical bachelor’s degree from an accredited college or university may be substituted for two (2) years of VAA experience on projects of similar scope, type, and complexity.
- Requires DoD 8570 compliance Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification. The CE certification requirements can be fulfilled with either Microsoft OS, Cent OS/Red Hat OS CE certifications.
- Requires successful completion of the Splunk software training course “Fundamentals 1”