Gray Tier Technologies is seeking a Sr. Scanner/Analyst to join our growing team in support of a Security Operations Center on a newly awarded contract. The ideal candidate will have experience working in a network security environment, such as a Security Operations Center (SOC), Computer Emergency Response Team (CERT), Computer Incident Response Team (CIRT), Computer Incident Response Center (CIRC) or Cyber Security Incident Response Center (CSIRC).

Responsibilities

• Provide onsite and remote vulnerability scanning and assessment capabilities as a sustained, full-time program independent of incident detection, recovery, or reporting activities

• Work with system owners, system developers, and/or system administrators, to holistically examine the security vulnerability findings and assessments of their systems, through a review of the security scans reports, as requested

• Coordinate with the Government to use these findings to inform, expand, or focus vulnerability scanning and monitoring efforts

• Create and maintain a method of tracking and reporting on trends identified in the vulnerability assessment process to improve the efficiency or reduce the cost of delivery of the service

• Document, maintain, and update processes and procedures for performing and conducting vulnerability scanning, vulnerability analyses, and risk assessments of FAA/DOT systems and networks

• Provide documentation, maintenance, and update of processes and procedures of Government-furnished vulnerability assessment tools and penetration testing tools

• Ensure all staff are trained and knowledgeable of the vulnerability scanning and penetration testing tools and in the ability to assess vulnerability scan findings

• Document vulnerability mitigation processes and procedures as a result of vulnerability findings and risk assessments for FAA/DOT systems and networks, as defined by FAA Policy and Procedures

• Document processes and procedures for reporting newly discovered (zero-day) vulnerabilities

• Ensure all vulnerability scanning tools and subsystems maintained by FAA SOC are deployed and maintained in accordance with FISMA and NIST assessment and authorization standards

Qualifications

• The ideal candidate will have experience leading a network security environment, such as a Security Operations Center (SOC), Computer Emergency Response Team (CERT), Computer Incident Response Team (CIRT), Computer Incident Response Center (CIRC) or Cyber Security Incident Response Center (CSIRC)

• Minimum ten (10) years IT experience

• Experience with vulnerability assessment tools including Web Inspect, Nessus and/or Found Scan

• Experience working in a SOC-type environment

• May be exposed to dust/dirt, humidity, and noise