We are seeking an experienced, self-directed, SR Cyber Security Analyst (Vulnerability Analyst) to support our DoD customer; location will be at different sites in Rockville, MD.  

As a Senior Cyber Security Analyst  you will play a critical role in identifying, analyzing, and remediating security vulnerabilities across our infrastructure. Working closely with the IT and Security teams, you’ll lead vulnerability assessments, apply risk management frameworks, and prioritize remediation efforts to protect our systems, networks, and applications.

Duties and Responsibilities:

• Vulnerability Assessments: Perform in-depth vulnerability assessments on systems, networks, and applications to identify potential security risks and weaknesses. Prioritize findings based on their potential impact.
• Utilize Scanning Tools: Conduct vulnerability scans using industry-leading tools such as Nessus, OpenVAS, and Qualys. Analyze and interpret the results to drive actionable insights.
• Collaboration & Remediation: Work closely with the IT and security teams to prioritize and address identified vulnerabilities. Provide technical expertise and guidance for the remediation process to ensure timely resolution of critical issues.
• Threat Modeling & Risk Assessments: Lead threat modeling exercises and perform risk assessments to identify potential threats to the organization. Recommend security improvements and help design robust mitigation strategies.
• Lead Vulnerability Assessments: Take charge of vulnerability assessments for complex and high-priority systems, ensuring thorough analysis and appropriate response to critical vulnerabilities.
• Documentation & Reporting: Maintain clear and concise documentation of vulnerability assessments, remediation efforts, and risk management activities. Prepare detailed reports for management and key stakeholders, providing insights into the organization's security posture.
• Stay Updated on Threat Landscape: Continuously monitor emerging vulnerabilities, threats, and security trends. Ensure that the organization is aware of new risks and is prepared to mitigate them proactively.

Required Skills and Experience

• Bachelor’s Degree Information Technology, Cyber Security or related technical field
• Experience: Minimum of 8 years of experience in vulnerability assessment, penetration testing, with a proven track record of identifying and mitigating security vulnerabilities in complex environments and 10+ years in Information Technology.
• Technical Proficiency: Strong proficiency with vulnerability scanning and assessment tools such as Nessus, Nexpose, OpenVAS, and Qualys.
• Risk Management Knowledge: Solid understanding of risk management frameworks, including NIST, ISO 27001, and CIS. Ability to assess risk levels and recommend actionable solutions.
• Certifications: 8570 Certifications - at least one of the following: as CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), CISSP (Certified Information Systems Security Professional), or CISA (Certified Information Systems Auditor).
• Analytical & Problem-Solving Skills: Strong analytical skills with the ability to assess complex security issues and provide clear, actionable solutions. Detail-oriented with a focus on accuracy and thoroughness.
• Communication Skills: Excellent written and verbal communication skills, with the ability to present complex technical information to non-technical stakeholders. Strong collaboration skills to work effectively with cross-functional teams.
• Knowledge of Security Best Practices: In-depth knowledge of security best practices, including patch management, secure coding practices, and proactive security measures.

Required Clearance

• Active DoD TS/SCI clearance is required.

C2 is an equal opportunity employer.