Sr Vulnerability Analyst - Division of Information Technology - R024833

Primary Location : DC-Washington

:

Employee Status : Regular

Overtime Status : Exempt

Job Type : Standard

:

:

:

Relocation Provided: : Yes

Compensation Grade Low: : FR PAY GRADE 26

Compensation Grade High: : FR PAY GRADE 28

Minimum Salary: : $123,500.00

Maximum Salary: : $266,000.00

Posting Date : Nov 5, 2024

Minimum Education

Bachelor's degree or equivalent experience

Minimum Experience

5

Summary

Leads the instrumentation and administration of cybersecurity tools, appliances, and measures to protect the Board’s IT assets and ensure the Board’s ability to conduct its mission. Utilizes cybersecurity tools such as firewalls, proxies, intrusion detection, intrusion prevention, endpoint protection, and data analysis platforms as part of an integrated, defense in depth solution with a central security information and event management (SIEM) system and security orchestration tools. Develops an advanced understanding of system architecture and the ability to identify security weaknesses that can be exploited to compromise a variety of systems used by the Board. Develops technical products and presents highly technical subjects to a variety of audiences ranging from non-technical senior leaders to highly technical subject matter experts. Leads collaboration with other cybersecurity professionals to develop and implement cybersecurity solutions that enable threat hunt activities. With some guidance provides technical and analytical assessments to support information security engineering decisions to ensure Board information and systems are adequately protected.

Duties and Responsibilities

• Leads and/or participates in implementing cybersecurity tools such as firewalls, proxies, intrusion detection, intrusion prevention, endpoint protection, and data analysis platforms as part of an integrated defense in depth solution with a central security information and event management (SIEM) system and security orchestration tools. Leads technical and analytical assessments to support information security engineering decisions to ensure Board information and systems are adequately protected.  Ability to characterize and manage moderately complex risks to mitigate cyber threats.
• With some guidance, proactively supports analysis of threat intelligence from a variety of sources to understand the nature of the threat, extract the information that informs threat hunt operations, and uses that information to investigate Board IT assets for evidence of an intrusion or compromise.
• With some guidance, emulates threat actor tactics, techniques, and procedures in a controlled and/or production environment to demonstrate and observe the technical aspects of the emulated activity. Leads and/or develops adequate detection strategies and develops mitigations as needed to address the specific details of the threat.
• Leads the development of programs that apply statistical models, mathematical principles, and other analytic tradecraft to a variety of IT network-generated data for the purposes of identifying anomalous activity, suspicious network activity, and ultimately leads to the discovery of intrusions and/or compromises.
• With some guidance, identifies and analyzes system-generated logs and capture forensic images of a variety of systems for the purposes of fully analyzing a cybersecurity intrusion and/or compromise. Includes use of advanced knowledge to perform root cause analysis and develop timelines to show the actions taken by a cyber threat actor in an environment. Leads the completion of all phases of the incident response process including identification, containment, eradication, and remediation.
• Leads implementation of vulnerability scans and ensures operational systems are adequately patched to protect the Board from potential cyber threat actors. Leads the analysis of vulnerabilities and proof of concept code as it becomes available to assess the technical implications of a given threat and ensure that the Board’s defenses are sufficient. Maintains advanced knowledge of ethical hacking principles to apply the skills to the management of vulnerabilities and mitigation of technical risk. Ensures that vulnerabilities are managed and patched according to Board policies and procedures.
• Leads the development of and/or develops data analytic software and cybersecurity scripts using a variety of programming and scripting languages to enable cybersecurity activities designed to defend the Board’s IT assets. With limited guidance, develops programs, software, and scripts that automate the cybersecurity process. With limited guidance, develops data queries and scheduled jobs designed to correlate data for further analysis. With limited guidance, integrates tools and systems for advanced analysis of relevant data.
• With moderate guidance, manages cybersecurity projects focused on developing and instrumenting moderately complex approaches to detect, prevent, and respond to cybersecurity intrusions and/or compromises. Authors documents and oversees the execution of project plans, schedules, requirements, risks, assumptions, cost, performance, and resource utilization with minimal supervision.

Duties and Responsibilities 
·         Leads and/or participates in implementing cybersecurity tools such as firewalls, proxies, intrusion detection, intrusion prevention, endpoint protection, and data analysis platforms as part of an integrated defense in depth solution with a central security information and event management (SIEM) system and security orchestration tools. Leads technical and analytical assessments to support information security engineering decisions to ensure Board information and systems are adequately protected. Ability to characterize and manage moderately complex risks to mitigate cyber threats.
·         With some guidance, proactively supports analysis of threat intelligence from a variety of sources to understand the nature of the threat, extract the information that informs threat hunt operations, and uses that information to investigate Board IT assets for evidence of an intrusion or compromise.
·         With some guidance, emulates threat actor tactics, techniques, and procedures in a controlled and/or production environment to demonstrate and observe the technical aspects of the emulated activity. Leads and/or develops adequate detection strategies and develops mitigations as needed to address the specific details of the threat.
·         Leads the development of programs that apply statistical models, mathematical principles, and other analytic tradecraft to a variety of IT network-generated data for the purposes of identifying anomalous activity, suspicious network activity, and ultimately leads to the discovery of intrusions and/or compromises.
·         With some guidance, identifies and analyzes system-generated logs and capture forensic images of a variety of systems for the purposes of fully analyzing a cybersecurity intrusion and/or compromise. Includes use of advanced knowledge to perform root cause analysis and develop timelines to show the actions taken by a cyber threat actor in an environment. Leads the completion of all phases of the incident response process including identification, containment, eradication, and remediation.
·         Leads implementation of vulnerability scans and ensures operational systems are adequately patched to protect the Board from potential cyber threat actors. Leads the analysis of vulnerabilities and proof of concept code as it becomes available to assess the technical implications of a given threat and ensure that the Board’s defenses are sufficient. Maintains advanced knowledge of ethical hacking principles to apply the skills to the management of vulnerabilities and mitigation of technical risk. Ensures that vulnerabilities are managed and patched according to Board policies and procedures.
·         Leads the development of and/or develops data analytic software and cybersecurity scripts using a variety of programming and scripting languages to enable cybersecurity activities designed to defend the Board’s IT assets. With limited guidance, develops programs, software, and scripts that automate the cybersecurity process. With limited guidance, develops data queries and scheduled jobs designed to correlate data for further analysis. With limited guidance, integrates tools and systems for advanced analysis of relevant data.
·         With moderate guidance, manages cybersecurity projects focused on developing and instrumenting moderately complex approaches to detect, prevent, and respond to cybersecurity intrusions and/or compromises. Authors documents and oversees the execution of project plans, schedules, requirements, risks, assumptions, cost, performance, and resource utilization with minimal supervision.
Position Requirements
FR-26 Minimal Qualifications 
Requires a bachelor’s degree in computer science, information technology, cybersecurity or a related business technology field and five years of experience. Must have advanced knowledge in in at least one of the following areas: general cybersecurity fundamentals, cyber threat analysis, data science principles, digital forensics, incident handling, incident management, incident response, vulnerability management, security engineering, automation and programming, project management, and relevant technologies and programming languages. Must be able to work effectively with staff. Must be familiar with relevant policies, procedures, and be able to work with TOP SECRET / SENSITIVE COMPARTMENTED INFORMATION. Must be able to support one or more of the following: providing threat assessments, recommending cybersecurity technologies for intrusion detection and prevention, assessing technical vulnerabilities, identifying automation opportunities, investigating, and resolving security breaches, technical writing, and communication.   
FR-27 Minimal Qualifications 
Requires a bachelor’s degree in computer science, information technology, cybersecurity or a related business technology field and six years of experience. Must have expert knowledge in the in at least one of the following areas: general cybersecurity fundamentals, cyber threat analysis, data science principles, digital forensics, incident handling, incident management, incident response, vulnerability management, security engineering, automation and programming, project management, and relevant technologies and programming languages. Must be able to work effectively with staff. Must be familiar with relevant policies, procedures, and be able to work with TOP SECRET / SENSITIVE COMPARTMENTED INFORMATION. Must be able to lead one or more of the following: providing threat assessments, recommending cybersecurity technologies for intrusion detection and prevention, assessing technical vulnerabilities, identifying automation opportunities, investigating, and resolving security breaches, technical writing, and communication.
FR-28 Minimal Qualifications
Requires a bachelor’s degree in computer science, information technology, cybersecurity or a related business technology field and eight years of experience. Must have expert knowledge in the in at least one of the following areas: general cybersecurity fundamentals, cyber threat analysis, data science principles, digital forensics, incident handling, incident management, incident response, vulnerability management, security engineering, automation and programming, project management, and relevant technologies and programming languages. Must be able to work effectively with staff. Must be familiar with relevant policies, procedures, and be able to work with TOP SECRET / SENSITIVE COMPARTMENTED INFORMATION. Must be able to direct one or more of the following: providing threat assessments, recommending cybersecurity technologies for intrusion detection and prevention, assessing technical vulnerabilities, identifying automation opportunities, investigating, and resolving security breaches, technical writing, and communication.
Remarks: The Sr. Vulnerability Analyst (Sr. Cybersecurity Analyst) is an individual contributor position responsible for leading the enterprise vulnerability management program for the Board. The Sr. Vulnerability Analyst (Sr. Cybersecurity Analyst) possesses knowledge of policies and best practices pertinent to vulnerability management and has the ability to operationalize that information in the form of organizational governance and technical process (NIST, DHS/CISA, OWASP, NVD, SEI, etc.). The Sr. Vulnerability Analyst (Sr. Cybersecurity Analyst) consumes cyber threat intelligence that describes new and emerging vulnerabilities and translates that information into active defense and preventive measures. The Sr. Vulnerability Analyst (Sr. Cybersecurity Analyst) analyzes systems for potential weaknesses and/or vulnerabilities and proposes solutions to mitigate those risks. The Sr. Vulnerability Analyst (Sr. Cybersecurity Analyst) establishes and oversees patch management operations for all kinds of assets in the environment and designs mitigations where patching is impractical or impossible. The Sr. Vulnerability Analyst (Sr. Cybersecurity Analyst) establishes and implements a risk management approach for vulnerabilities including thresholds, mitigations, and risk tolerances that drives other vulnerability response actions. The Sr. Vulnerability Analyst (Sr. Cybersecurity Analyst) provides services including static and dynamic application security testing, web application vulnerability scanning, vulnerability analysis, enterprise patch management, and proposing mitigations for specific threats. The Sr. Vulnerability Analyst (Sr. Cybersecurity Analyst) develops technical products and presents highly technical subjects to a variety of audiences ranging from non-technical senior leaders to highly technical subject matter experts. The Sr. Vulnerability Analyst (Sr. Cybersecurity Analyst) collaborates with other vulnerability management professionals in the Federal space and throughout the Federal Reserve System to develop and implement cybersecurity solutions that enable vulnerability management activities. The Sr. Vulnerability Analyst (Sr. Cybersecurity Analyst) provides technical and analytical vulnerability assessments to support information security engineering decisions to ensure Board information and systems are adequately protected.
Highly Desirable:
·         At least 5-7 years of full-time experience supporting a vulnerability management program.
·         Experience applying industry standards and best practices in an operational environment to adequately manage risk and mitigate vulnerabilities as part of an enterprise service.
·         Experience with a variety of vulnerability and patch management technologies including, but not limited to, Qualys, Tenable, Nessus, Invicti, Fortify, CrowdStrike Falcon Spotlight, Microsoft Defender Vulnerability Management, etc.
·         Experience applying expert knowledge of adversary tactics, techniques, and procedures to identify, prioritize, and ultimately respond to vulnerabilities identified within the Board’s enterprise network.
·         Experience mentoring less experienced team members in vulnerability management and response activities.
·         Experience in vulnerability analysis, threat modeling, and designing mitigation and remediation strategies.
·         Experience managing vulnerabilities in on-premises systems, mobile devices, and in cloud environments, (e.g. Amazon Web Services, Microsoft Azure, Google Cloud, and Data Centers).
·         Experience developing programs and/or automated tools using a programming / scripting languages (e.g. Python, PowerShell, etc.).
·         Familiarity with relevant policies, procedures, and be able to work with TOP SECRET / SENSITIVE COMPARTMENTED INFORMATION.
·         Demonstrated resourcefulness and advanced critical thinking skills to independently direct, analyze, and implement solutions for all the various complex problems that arise in the administrative and operations area.
·         Expert technical writing and communications skills. Contacts are often with division leadership, but also with staff at all levels; a significant degree of coordination and contact with other units/sections/divisions may also be required.
·         Ability to construct clear and concise written work and applies an increasingly advanced understanding of grammar, sentence structure, and intended audience(s) to the process of writing and editing such work.
·         Ability to explain to cross-team or cross-divisional partners items of high levels of complexity.
·         Possess skills in negotiation and persuasion in performing duties and influencing support for change.
This position is hybrid, requiring a combination of telework and in-office presence in Washington, DC