Aspis is searching for a mid-level cybersecurity analyst to join our fast-growing team in Washington D.C. The ideal candidate will have 5+ years of experience and have a bachelor's degree in computer science, business, or related fields.
Responsibilities:
- Perform monthly remediation status reports with a summary of ongoing issues and metrics.
- Knowledge of Carbon Black implementation, Splunk, and CDM Dashboard Eco-System.
- Lead or support cybersecurity incident handling activities.
- Support Cybersecurity for Development, Security, and Operations (DevSecOps) and Continuous Integration/Continuous Delivery (CI/CD).
- Analyze risk to the enterprise and identify the necessary outcome for remediating the risk, including potential risk from operating in a Cloud environment.
- Verify successful vulnerability remediation.
- Review and report on changes to the NIST frameworks and other agency-specific to vulnerability management requirements.
- Define requirements for vulnerability reports and coordinate with agency leadership.
- Create and deliver presentations as required by management.
- Maintain vulnerability management program documentation.
- Develop analysis reports for Management addressing accomplishments, risks, issues, and mitigations.
- Conduct a detailed analysis of vulnerabilities.
- Monitor scans for any failures. Investigate and resolve any full or partial scan failures.
- Provide operation and management functions of vulnerability scanners.
- Recommend scanner architecture changes to support changes in vulnerability scanning requirements.
- Deploy scanning services to meet security scanning requirements.
- Perform ad hoc scanning as needed.
- Perform investigations of reported false positives and false negatives.
- Provide operation and management functions of Tripwire and perform enterprise-wide detection of server configuration changes using Tripwire.
- Prepare a report monthly of analysis of security configuration management.
- Prepare a report to ISSO bi-monthly of any suspicious system changes.
- Provide a monthly summary of vulnerability scanning efforts and metrics.
Additional Desired Knowledge:
- Perform annual black box testing of IT assets, including desktop computers, servers, routers, switches, internally developed applications, web-based scripts, and applications on all agency websites, and back doors in accordance with the approved test plan. Provide a test plan for agency approval ten (10) days prior to the test date.
Qualifications:
Experience Requirements:
- 5+ years of experience in cybersecurity
Education Requirements:
- Bachelor's degree is required
- Cybersecurity certification (DOD 8570 Level II) is required
- Cybersecurity certification (DOD 8570 Level III or Manager) is strongly preferred
About Us
Aspis strives to make enterprise cybersecurity solutions and professional services accessible to all sizes of organizations from medium-sized businesses to large Fortune 500 enterprises; non-profits; and to municipal, state, and federal government agencies. Aspis is a Virginia Values Veterans Certified company. Our Values are Integrity, Community, and Diversity. learn more by checking out our website at https://aspis.consulting
Benefits:
- 401(k) matching
- Dental Insurance
- Health insurance
- Vision Insurance
- Paid time off
- Flexible Schedule
- Tuition Reimbursement
Schedule:
We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status, or any other characteristic protected by law. We will consider employment for qualified applicants with criminal histories consistent with applicable law.