Vulnerability Management Analyst
Company | CACI |
---|---|
Location | O’Fallon, IL, USA |
Salary | $68400 – $143700 |
Type | Full-Time |
Degrees | Bachelor’s, Master’s |
Experience Level | Mid Level, Senior, Expert or higher |
Requirements
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (equivalent combination of education and experience may be considered in lieu of degree)
- 3-8 years of experience in vulnerability management, cybersecurity, or a related field
- U.S. citizenship and ability to obtain and maintain required security clearance
- Strong knowledge of vulnerability assessment tools and methodologies
- Familiarity with USCYBERCOM, USTRANSCOM, and USAF cyber orders
- Experience with DISA CMRS or similar vulnerability management systems
- Proficiency in conducting and analyzing vulnerability scans
- Strong analytical and problem-solving skills
- Excellent communication skills, both written and verbal
- Ability to work effectively in a team environment
- 8-11 years of experience in vulnerability management, cybersecurity, or a related field
- In-depth knowledge of vulnerability assessment tools and methodologies
- Strong understanding of USCYBERCOM, USTRANSCOM, and USAF cyber orders
- Familiarity with JTMS Authorization and Accreditation (A&A) requirements
- Experience with government vulnerability management systems (e.g., DISA CMRS)
- Proficiency in performing and analyzing vulnerability and compliance scans
- At least 12 years of progressive experience in vulnerability management and cybersecurity
- Extensive knowledge of USCYBERCOM, USTRANSCOM, and USAF cyber orders and compliance requirements
- In-depth understanding of JTMS Authorization and Accreditation (A&A) processes
- Expert-level proficiency in vulnerability scanning tools and techniques
- Strong analytical and problem-solving skills with the ability to handle complex cybersecurity challenges
- Excellent communication skills, both written and verbal, including the ability to present technical information to non-technical stakeholders
- Experience with DISA Continuous Monitoring Risk Scoring (CMRS) system or similar vulnerability management systems
Responsibilities
- Serves as the focal point for all vulnerability and change management actions
- Reviews, plans, tests, implements, tracks, and reports on all functions related to patching, updating, or upgrading IT systems
- Ensures compliance with USCYBERCOM, USTRANSCOM, USAF cyber orders, and JTMS Authorization and Accreditation (A&A) requirements
- Supports test plan development and performs system configuration testing
- Schedules and coordinates Authorized Service Interruptions (ASIs) as directed by the ISSM team
- Performs weekly vulnerability and compliance scans using government-approved tools
- Provides results and recommended remediation actions based on scan findings
- Updates government vulnerability management systems (e.g., DISA Continuous Monitoring Risk Scoring ‘CMRS’ system)
- Collaborates with cross-functional teams to implement security measures and resolve vulnerabilities
- Stays current with emerging threats, vulnerabilities, and mitigation strategies
- Serves as the primary point of contact for all vulnerability and change management actions
- Develops and implements strategic vulnerability management policies and procedures
- Mentors junior team members and provides expert guidance on complex vulnerability issues
Preferred Qualifications
- Active Secret security clearance
- Relevant certifications such as CEH, CISSP, GIAC, or Security+
- Experience working in government or military IT environments
- Knowledge of NIST, FISMA, and DoD cybersecurity frameworks
- Familiarity with change management processes and tools
- Experience with patch management systems and processes
- Master’s degree in a relevant field
- Professional certifications such as CISSP, CEH, GIAC, or equivalent
- Experience working with DoD or other government agencies
- Knowledge of Risk Management Framework (RMF) and NIST guidelines
- Familiarity with change management processes and ITIL framework
- Experience with automation and scripting for vulnerability management tasks
- Relevant cybersecurity certifications (e.g., CISSP, CEH, GIAC)
- Experience working with DoD agencies and understanding of their specific cybersecurity requirements
- Familiarity with DevSecOps practices and tools
- Track record of implementing successful vulnerability management programs
- Experience in developing and delivering cybersecurity training