Peraton Overview
Peraton drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted and highly differentiated national security solutions and technologies that keep people safe and secure. Peraton serves as a valued partner to essential government agencies across the intelligence, space, cyber, defense, civilian, health, and state and local markets. Every day, our 22,000 employees do the can't be done, solving the most daunting challenges facing our customers.
We are an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state, or local law.
As a government contractor, Peraton abides by the following provision:
Pay Transparency Nondiscrimination Provision
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of the other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c).
Qualifications
REQUIRED
Candidate must be a US citizen
High Risk Public Trust, level 6C or Secret Clearance preferred
Ability to obtain High Risk Public Trust, level 6C will be required
The successful candidate should have a strong track record of performance in the following areas:
- Bachelor's Degree in Computer Science or related field; or equivalent post-high-school education and/or work-related experience
- 5+ years' experience in IT security
- Experience working with compliance and regulatory program requirements especially FISMA regulated environments
- Experience analyzing network, event and security logs, and/or IDS alert logs
- Proven project management and organizational skills, specifically managing multiple concurrent projects
- Excellent analytical, problem solving, and decision-making skills, applied with a solution-focused attitude
- Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy
- Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism
- Excellent teamwork skills
- Technical experience in the following:
  - Microsoft Windows Server and Desktop Operating Systems
  - Microsoft Active Directory
  - Microsoft SQL Server
  - Oracle Database
  - VMware ESX
  - Red Hat Enterprise Linux (RHEL)
  - Mainframe
  - Firewall, HIDS/IDS, SIEM
  - Vulnerability scanning tools (DbProtect, Tenable.sc, Nipper)
  - Industry best practice security standards (e.g., DISA STIG, CIS, NIST, etc.)
Responsibilities
The Vulnerability Assessment Engineer will be responsible for understanding and maintaining the security requirements as the technical Subject Matter Expert.
Under general supervision, the Vulnerability Assessment Engineer supports the Account Security Officer and other Account Security team personnel in Information Assurance and Security activities for the client. Operates vulnerability assessment equipment in support of vulnerability and compliance initiatives. Works with the Security Team to refine current processes and procedures, and suggests and implements any new processes that will assist with fulfilling the mission of the current client contract. Acts as the main point of contact and subject matter expert for vulnerability scanning/assessment activities. Works with SOC counterparts to coordinate CDM and other scanning activities.
RESPONSIBILITIES
- Leads security compliance checklist efforts for system components
- Prepares vulnerability and compliance reporting, analyzes system impact, updates stakeholders on progress of system hardening efforts
- Assists in development and implementation of technical security policies
- Provides security analysis and consultation services for product, system, and network architecture designs pertaining to vulnerability management tools
- Maintains up-to-date knowledge of IP network architectures
- Identifies trends and root causes of system vulnerabilities and configuration settings
- Provides risk analysis as required for projects or as necessary with recommended configuration changes
- Ensures vulnerability and compliance scanning procedures meet security requirements
- Initiates compliance and vulnerability scans using Nessus Security Center tool for configuration and vulnerability management
- Defines and updates the Security Configuration Management (SCM) baselines to meet DISA STIG requirements at least semi-annually
- Leads the quarterly SCM Baseline Compliance Reporting to client
- Performs any other Information Security duties as assigned
- Provides consultation to technical subject matter experts (SMEs) in information security support, including assisting with evidence gathering, preparing technical narratives, and conducting training
- Works with SOC counterparts to coordinate CDM and other scanning activities
- Ensures program deliverables are met with regard to vulnerability scan reports and SLA requirements.
Specifically, the Vulnerability Assessment Engineer conducts the following:
- Weekly vulnerability scans using Tenable.sc
- BOD 18-01 scans
- Monthly SLA reporting - CyberScope Report
- Ad Hoc scanning for OSA - Tenable, DbProtect, and Nipper
- Customer scan requests for Nessus and DbProtect - Remedy work orders
- Monthly Nessus reports for Discovery scans and Certificate info
- CDM scanning for databases within the General Support System (GSS) (using DbProtect)
- Monthly Nipper scans/analysis of network device configuration
For Colorado Residents
Colorado Salary Minimum: $78,416.00
Colorado Salary Maximum: $167,627.20
The estimate displayed represents the typical salary range for this position, and is just one component of Peraton's total compensation package for employees. Other rewards may include annual bonuses, short- and long-term incentives, and program-specific awards. In addition, Peraton provides a variety of benefits to employees.