Continuous Monitoring Analyst

Tetrad Digital Integrity (TDI) is a leading-edge cybersecurity firm with a mission to safeguard and protect our customers from increasing threats and vulnerabilities in this digital age.

We are looking for a Continuous Monitoring Analyst to support a large Federal agency as we work with them on their cybersecurity measures. The analyst will be tasked with the following.

Responsibilities:

• Perform vulnerability scans and develop applicable vulnerability reports for systems.
• Analyze scan results and engage with stakeholders to resolve identified vulnerabilities; document exceptions, and false positives.
• Communicate appropriate vendor and scan system recommended solutions as part of comprehensive remediation solutions.
• Follow-up with owners to ensure remediation efforts are consistent with policy and escalate instances of noncompliance.
• Experience operating vulnerability and compliance scanning tools such as WebInspect, Tenable Nessus Security Center, Tripwire, etc.
• Track progress of vulnerability remediation with responsible stakeholders and support teams.
• Perform deep-dive analysis of vulnerabilities leveraging data from various sources; analyze data sources and provide recommendations for optimal reports.
• Perform configuration and deployment of vulnerability scanning and network assessment tools
• Work with Cybersecurity staff to troubleshoot performance and connectivity issues with network scanning and security assessment tools.
• Work with Cybersecurity staff to evolve the Security Operations continuous monitoring toolsets and reporting to provide better vulnerability insight.
• Research vulnerability impact or remediation. Provide comprehensive analysis back to leadership.
• Present vulnerability reports to cross-functional stakeholders, to include Cybersecurity leadership.
• Analyze attempts to exploit vulnerabilities and determine if they are/should be successful
• Build and/or grow a comprehensive enterprise vulnerability management program, focused on tracking and minimizing high priority vulnerabilities
• Work with other business units to determine and negotiate high priority vulnerabilities with appropriate stakeholders
• Grow an enterprise vulnerability remediation program, focused on remediating vulnerabilities and applying security settings
• Build, grow, and tune standard processes for the identifying and resolving of suspicious events and settings on the network
• Serve as subject matter expert on vulnerabilities, including system and application settings, to work alongside security analysts in event handling and incident response
• Perform other official duties as assigned.

Qualifications:

• Bachelor’s degree in a related field with 3+ years work experience IT, cybersecurity or networking field
• Knowledge of security fundamentals, common vulnerabilities, vulnerability management, patch management, and configuration management best practices.
• Technical experience discovering, validating, and remediating network vulnerabilities. Familiarity with common exploitation techniques and the applications of Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS).
• Experience interpreting security advisories. Ability to leverage diverse sources to gain a technical understanding of a vulnerability, exploitation, and potential impact
• Ability to communicate effectively with technical and non-technical users.
• Excellent time management and organization skills, handling multiple, simultaneous and changing priorities under pressure and tight deadlines within a high-pressure environment.