Vulnerability Assessment Analyst
Fort Belvoir, VA

Job Description

Overview

Amyx, Inc. is seeking to hire a web application vulnerability assessment analyst for a full time telework position. The analyst performs a variety of routine project tasks applied to specialized information assurance problems. Tasks involve integration of scan management solutions as they pertain to IA requirements. May conduct security assessments implementing and managing IA tools. Analyzes information security posture. Applies analytical and systematic approaches in the resolution of problems of work flow, organization, and planning.

Responsibilities

The analyst's primary job responsibilities will include:

* Coordinating scans with web site points of contact and CERT personnel


* Conducting vulnerability scans utilizing HP WebInspect, and at times other tools such as Portswigger Burp Suite


* Preparing assessment reports to document findings


* Checking other team member documentation in accordance with established peer review process guidelines


* Preparing status inputs for weekly and annual reports


* Other duties as assigned.



Supported Technologies:

* Vulnerability scanners - HP WebInspect, Portswigger Burp Suite


* Web applications, protocols and services-XML, SOAP, HTTP, HTTPS, SSL, TLS


* Mobile code technologies- ActiveX, JavaScript, etc.


* OWASP


* STIG viewer / compliance checker



Desired Skills and Qualifications:

* Document preparation and editing according to established criteria


* Excellent written and oral communication skills



Proficiency with Microsoft Office - especially Excel and Word-and Adobe Acrobat

Qualifications

* Must hold and maintain a DOD 8570 IAT II certification (e.g., CISSP, Security+, CEH).


* Complete designated Computing Environment (CE) training within 45 days of hire (no cost to the employee), as well as CMMI, safety awareness, DoD Cyber Security Awareness, Anti-terrorism, and other training modules as assigned.


* Software application experience with one of the following:
* HP WebInspect


* Portswigger Burp


* Tenable Security Center
* eEye Retina




* 2 years of experience supporting one of the following: web server, web infrastructure, web testing or web development.


* Knowledge of TCP/IP and HTTP 1.1 protocol RFC 2616


* Top Secret clearance or equivalent, with a favorably adjudicated Single Scope Background Investigation (SSBI) within scope, meaning it has to be current within 5 years - (note: this is for the SSBI/Tier 5 investigation required); actually unclassified contract.