Vulnerability Assessment Analyst – Hybrid

XOR Security

Job Description:

XOR Security is currently seeking talented, experienced Vulnerability Assessment Analysts for an exciting position supporting one of our premier clients. Our project is aimed at establishing cutting-edge techniques for network defense, identifying threats and detecting malicious activity using advanced toolsets. The ideal candidate will have experience with Vulnerability Assessment/Analysis, Security Controls Assessment, Continuous Monitoring, Continuous Authorization, and FedRAMP assessments and will keep up to date on emerging trends in the cyber security field.

Washington D.C., USA – On site 3 times a week

Skills and Qualifications:

Required Qualifications:

  • An industry certification such as CASP, CAP, CISSP, CISM, GSEC, GMON, Security+
  • 7 years of experience in Information Assurance
  • Bachelor’s Degree in Computer Science, Computer Engineering, Information Systems or equivalent experience
  • In-depth understanding and hands-on experience with Qualys, including scanning against Security Technical Implementation Guides (STIGs) and CIS benchmarks
  • MS Excel pivot tables

Job Duties:

  • Leverage enterprise scanning applications or tools approved by the government to complete this task. The vulnerability management support will require the Contractor to provide routine and ad-hoc automated vulnerability scans, scans in support of audits, scan result analysis, and validation scans of remediated vulnerabilities identified during Vulnerability Assessment & Penetration Testing engagements.
  • Support vulnerability scans of information systems that are on-premises and hybrid cloud systems as necessary
  • Support scanning and testing at the application and database level and shall refine and mature scanning metrics and thresholds to positively affect program maturity
  • Work with system owners, system administrators and ISSOs to define the scope, test plan, and rules of engagement as necessary
  • Analyze weekly DHS Cyber Hygiene reports, facilitate remediation of the findings therein, and promote comprehensive scanning coverage of all Internet-reachable IT assets
  • Identify corrective actions, compensating controls, and assist with POA&M development in CSAM
  • Identify mitigations for non-compliance, notify stakeholders of compliance issues and, where required, perform these mitigations
  • Take into account any infrastructure challenges and make recommendations for improvements where needed. This includes third party service provider hosted Software as a Service (SaaS), Platform as a Service (PaaS) instances as well as Infrastructure as a Service (IaaS)
  • Provide expertise in the review of new vulnerability technologies and capabilities and shall interact with other technology divisions to facilitate deployment

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP and PUBLIC TRUST CLEARANCE REQUIRED.

To help us track our recruitment effort, please indicate in your cover/motivation letter where you saw this job posting.