Risk and Vulnerability Analyst II (R-00063180)
The DHS ICE SOC is responsible for the Information Security Vulnerability Management Program and the internal/external Vulnerability Assessment program. The VAT team will establish a program for use throughout ICE, complete vulnerability assessments, identify opportunities for improvement, and communicate recommended solutions for addressing vulnerabilities.
This position is located in Washington, DC or Chandler, AZ.
This position will proactively scan all devices on the ICE network per DHS Vulnerability Assessment Test policy requirements on a continuous basis for network and system vulnerabilities. This position will monitor the remediation status of the scan results and evaluate the scan results for accuracy and risk. This position will provide the analyzed results to the various responsible parties identified by the Government Task Monitor for resolution. This position will act as the subject matter expert (SME) for the scan results and consult with the remediation teams on various methods for resolution. This position will be responsible for the Vulnerability Exploit Test and “ad hoc” web application, database, and operating system targeted scan requests. Cyber Hygiene scanning will be performed based on the following:
• Active hosts, operating system, ports, protocols and services
• Vulnerabilities and weaknesses
• Common configuration errors
• Improperly signed Domains
• Expired SSL Certificates.
Understand how systems and infrastructure appear to potential attackers:
• Operating Systems
Additionally, this position will support the Security Assurance Branch and/or Governance and Risk Management (GRM) in any vulnerability management-related activities.
• Manage ICE-wide Information Security Vulnerability Management (ISVM) compliance validation, Common Vulnerabilities and Exposures (CVE), and Common Platform Enumeration (CPE) assessments.
• Conduct, operate, and maintain assessments and the resulting Vulnerability Assessment (VA) data and reports.
• Perform regularly scheduled vulnerability assessments using a master schedule.
• Coordinate the VA testing in advance with the ICE Network Operations Center (NOC) and the DHS Enterprise SOC to assure coordination with network maintenance, availability, and operations.
• Coordinate with system owner/Information System Security Manager (ISSM)/Information Systems Security Officer (ISSO) for any necessary changes to the schedule.
• Use approved test procedures, information collection scripts, and VA tools that are CVE database compatible, are the latest versions with up-to-date lists of vulnerability checks, and are appropriate to DHS’s policies, requirements and technologies.
• Employ ad-hoc or emergency VA scanning to support targeted incident investigation, escalation and emergency response to security events in accordance with documented procedures.
• Additionally, the Contractor shall support the Security Assurance Branch and/or Governance and Risk Management (GRM) in any vulnerability management-related activities.
• Provide vulnerability assessment summary reports to the appropriate systems owner/ISSM/ISSO and document the findings.
• Archive VA data and reports.
• Conduct follow-on assessments to compare results, focus on differential findings, look for evidence of improvement or the lack thereof to report trends, determine the effectiveness of the mitigation strategy, and provide recommendations for changes in DHS policy or architecture.
• Provide automated reporting capabilities to input scanning results to report on findings at time of engagement.
This position will develop and provide, at the minimum, the following reporting deliverables and stated data elements:
• Scanning report to include:
• Date and time of scan
• Network segment(s) scanned
• Individual who performed/verified scan
• Risk/threat level associated with scan
• Roll up of scan results:
- Network map with scan coverage
- Network map with scanning results overlay
- Pie chart that describes overall scan results
• Remediation report to include:
• Repeat findings.
- The length of time the vulnerability has been tracked and not remediated
• Trending Information:
- Threat Level
- Sensitivity level of network segment; e.g. eGOV site
- The length of time the vulnerability has been identified, but not corrected
• Mitigation suggestions:
• Mitigation Recommendations
Basic Qualifications:
Bachelor’s Degree AND 8-12 years security-related experience
Must have a current Secret clearance and have the ability to obtain a DHS EOD
Experience with industry accepted scanning tools, ad hoc and automated scanning
Ability to automate scanning
Experience with Information Security Vulnerability Management (ISVM) scans and compliance