Job Description

Global Engineering and Technology (GET) is seeking qualified applicants for the position of Vulnerability Assessment Analyst in support of the United States Department of Energy\'s cybersecurity program. This is a highly compensated, high-responsibility technical guidance position that is central to our mission\'s success.

In its majority, work will be performed remotely, from the employee\'s place of residence. Pre-planned travel to Oak Ridge, Tennessee, for on-site interaction, support, and inspections will be required as needed.

Duties:

Vulnerability Assessment Analysts perform assessments of systems and networks within the network environment or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. They measure the effectiveness of Defense-in-Depth (DiD) architecture against known vulnerabilities. Additionally, they are expected to:

• Conduct required reviews as appropriate within the environment (e.g., Technical Surveillance Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews)

• Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications)

• Conduct technical reviews of continuous audit and vulnerability assessment data, collaborate with threat intelligence section to inform prioritized patch management based on risk and impact within the environment

Requirements

Security Clearance:

This position requires a current DOE Q or DoD Top Secret security clearance.

Required knowledge, skills, and abilities (as demonstrated by technical expertise and certification)

SMEs performing this function are expected to have the following:

• Knowledge of risk management processes
• Knowledge of cyber threats and vulnerabilities
• Knowledge of application vulnerabilities
• Knowledge of host/network access control
• Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• Knowledge of network access, identity, and access management
• Knowledge of how traffic flows across the network
• Knowledge of system and application security threats and vulnerabilities
• Knowledge of different classes of attacks
• Knowledge of ethical hacking principles and techniques
• Knowledge of network protocols
• Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems
• Skill in assessing the robustness of security systems and designs
• Skill in using network analysis tools to identify vulnerabilities
• Skill in reviewing logs to identify evidence of past intrusions
• Skill in conducting application vulnerability assessments
• Skill to develop insights about the context of an organization\xe2\x80\x99s threat environment
• Ability to identify systemic security issues based on the analysis of vulnerability and configuration data
• Ability to share meaningful insights about the context of an organization\xe2\x80\x99s threat environment that improve its risk management posture
• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

Benefits

We provide exceptional benefits to our full-time employees (spouse/family coverage option also available at a company-subsidized rate).

Benefits include:

• Medical plan options with United Health Care
• Dental
• AD&D
• Life
• Long-/Short term Disability with MetLife
• 401(k) match with Principal Financial

All benefits are effective on day one of employment.

Global Engineering & Technology, Inc. (GET)