Senior Web Vulnerability Analyst

• Bachelor's degree or equivalent work experience

• Five years of relevant/recent experience with Oracle Application Server, Oracle e-Business Suite, WebLogic, JBOSS, Java, IIS, Apache, SAP, or Tomcat, and cyber- security.
• Three years of relevant/recent experience with Microsoft Office products.

• Current 8570/8140 requirement certification

• Active Secret Clearance

• Serve as a Web technical specialist for assets connected to isolated environments, NIPRNet and SIPRNet to support cybersecurity and IT services.
• Review, identify, and report problems with the installation and operations of web instances to include system options, software used and not used, default security controls that are enabled, disabled, or bypassed, and system wide options or parameters that may create security vulnerabilities.
• Determine the impact and risk of submitted change requests prior to implementation and participate in CAB meetings (up to daily) to provide cyber oversight for database changes that affect the level of risk.
• Recommend security countermeasures to mitigate identified web risks.

• Identify, monitor, analyze, report, and brief status of vulnerabilities.
• Ensure high risk and high severity vulnerabilities are managed with increased visibility and escalated.
• Analyze, validate, monitor, and report compliance status of DoD and DISA directives and orders.           
• Create, maintain, and provide automated and customized vulnerability reports.
• Analyze mission requirements and organizational feedback to improve vulnerability reports and processes.
• Provide recommendations for web vulnerability analysis, guidance, deficiency resolution, and implementation suggestions to DISA customers and Mission Partners.

• Assess, audit, review, analyze, validate, and report database SRG and STIG vulnerabilities, and ensure security controls are implemented within databases IAW DoD, DISA and cybersecurity policies and procedures.
• Evaluate discrepancies as they relate to policy, orders, and database SRG and/or STIGs, and document recommended additions, deletions, or changes.
• Identify and report the need to add technical guidance for modification of policies and orders.
• Review and validate the installation and configuration of cyber tools on assets, and report deficiencies.
• Review database SRG and/or STIGs as updates are released, and report changes with the potential to have significant impact.
• Determine the impact and risk of submitted change requests prior to implementation and participate in meetings to provide cyber oversight for web changes that affect the level of risk.
• Recommend security countermeasures to mitigate identified web risks.
• Participate in audits and provide documentation (up to daily).

Deliverables:

• Daily/weekly/monthly/quarterly/annual vulnerability analysis reports
• Also includes Deliverables that apply to all tasks listed in section 6, Performance Requirements.