Vulnerability Analyst 2/3

Position Description

Northrop Grumman is seeking a motivated professional to join our Team as a Vulnerability Analyst 2/3. This position is located in Quantico, VA. The Vulnerability Analyst 2/3 will support the Senior Cyber Security Manager within DSS Cyber Network Defense (CND) unit. Supports the Vulnerability Management Program to identify, categorize, remediate, and mitigate vulnerabilities on DSS Information Systems. Performs the vulnerability management in accordance with DOD mandates. Identifies, reports, and mitigates the Information Systems within the DSS enclaves that are in non-compliance with DOD standards. The successful candidate will possess and apply a comprehensive knowledge across key tasks and high impact assignments. Plan and lead major technology assignments. Evaluate performance results and recommends major changes affecting program success.

Roles and Responsibilities

  • Update and maintain the SOPs for the Vulnerability Management Program.
  • Conduct vulnerability auditing on 100% of DSS Information Systems with the DISA Assured Compliance Assessment Solution (ACAS), current vulnerability auditing solution, or a combination of solutions. Weekly audits will be delivered to the system owners and on demand audits will be performed on devices not accessible during automated vulnerability audits on all DSS enclaves.
  • Maintain compliance to the standards set by the DISA Filed Security Operations Command Cyber Readiness Inspectors (CCRI) and Certification and Accreditation and all applicable DOD inspection programs.
  • Maintain a dashboard on DSS CND SharePoint with current vulnerabilities, IAVMs on DSS computing devices. Include associated ACAS plugins, suspense dates, POAM status, system owners, percentage of compliance, and status.
  • Maintain a dashboard with the current Security Requirements Guides (SRG) and Security Technical Implementation Guides (STIG) and implementation status on DSS environment. Include associated vulnerabilities, suspense dates, POAM status, system owners, percentage of compliance, and status.
  • Conduct monthly audits to include but not limited to STIG-SRG, SCAP, and all system vulnerabilities in compliance with mandated DOD directives.
  • Conduct and report daily audits in support of identity assurance in order to validate user accounts, computer accounts, privileged accounts, system accounts, and report any anomalies to Incident Responders.
  • Coordinate the assessment of vulnerabilities with system owners
  • Provide detail vulnerability reports.
  • Assist other team members with developing mitigation plans.
  • Support system administrators with resolution of vulnerability findings.

This requisition may be filled at a higher grade based on qualifications listed below.


Basic Qualifications for a Vulnerability Analyst 2:

  • 2 years' of Cyber Security experience (0 Years' with a Master's degree) with a Bachelor's degree in a technical specialty: cyber security, computer science, or similar field. Note, we may consider four (4) additional years of relevant experience in lieu of a degree.
  • Experience with Vulnerability Management in a DoD environment
  • Experience working with a combination of ACAS, SRG, STIGs, IAVMs.
  • Experience with Cyber security policies, operations, and reporting requirements.
  • Experience performing vulnerability audits and assessments.
  • IAT-I, II or III IA Baseline Certification (SEC , CISSP, etc.)
  • CND IA Auditor Baseline Certification: (CEH, CISA, GSNA)
  • Computing Environment or OS Certificate
  • Must possess an active/current TS/SCI clearance.

Basic Qualifications for a Vulnerability Analyst 3 are the same as listed above but require a Bachelor's degree in a technical field with at least 5 years of experience (3 with a Master's) and at least two (2) years of experience with Vulnerability Management in a DoD environment and actively working with a combination of ACAS, SRG, STIGs, IAVMs.

Preferred Qualifications:

  • CEH certification
  • CCNA certification
  • ITIL v3 certification
  • Excellent verbal and written communications.
  • Familiar with any of the following: Akamai, Splunk, Cisco, McAfee, SCAP, ACAST, F5

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit U.S. Citizenship is required for most positions.

Meet Some of Northrop Grumman's Employees

Jacqueline T.

Electrical Engineer

Jacqueline operates on power electronics for Northrop Grumman’s space application projects. She meets with engineering groups, chats with customers, and works on circuit analysis.

Jonathan M.

Electronics Engineer

Jonathan works with avionics industry subject matter experts to come up with new feature developments before implementing those ideas in the Northrop Grumman laboratory.

Back to top