Vulnerability Analyst

Job Description

Description

We are seeking a skilled Security Engineer with extensive experience in vulnerability remediation at the operating system (OS) level across various cloud environments, including AWS, Azure, OCI, and GCP to join our IT team on-site in Washington, D.C. The ideal candidate will be responsible for ensuring the security and integrity of our cloud infrastructure by identifying, assessing, and mitigating vulnerabilities. This role requires a deep understanding of cloud services, operating system vulnerabilities, and best practices for securing cloud environments that are hosting a variety for MS Windows, and Linux (Red hat, Ubuntu, Amazon) operating systems.

Key Responsibilities:

• Identify and remediate vulnerabilities in cloud infrastructure, with a specific focus on OS-level threats across multiple cloud platforms, including compliance with STIG and CIS benchmarks.
• Collaborate with the cybersecurity team to conduct regular security assessments, vulnerability scans, and penetration tests to identify potential weaknesses.
• Contribute to the development and maintenance of security policies, standards, and procedures for cloud infrastructure, working closely with the cybersecurity team.
• Work with development and operations teams to ensure secure deployment of applications, emphasizing secure configurations and OS-level hardening.
• Monitor security alerts and logs to detect and respond to potential security incidents across cloud environments.
• Stay up-to-date with the latest security threats, vulnerabilities, and technology trends relevant to cloud infrastructure and operating systems.
• Provide guidance and mentorship to junior engineers and team members on best practices for security and vulnerability management in cloud environments.
• Document security controls, configurations, and processes for audit and compliance purposes, ensuring alignment with organizational standards.

Qualifications

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, or a related field and 2 years of relevant experience.
• Must be a U.S. Citizen with the ability to obtain and maintain a secret clearance. 
• Professional certifications such as AWS Certified Security - Specialty, Azure Security Engineer Associate, Google Professional Cloud Security Engineer, or equivalent.
• Minimum of 5 years of experience in cloud engineering, with a focus on security and vulnerability management across AWS, Azure, OCI, and GCP.
• Proven experience in identifying and remediating OS-level vulnerabilities in both Linux and Windows environments with a strong understanding of STIG and CIS compliance requirements.
• Strong understanding of cloud security frameworks and best practices, including NIST, CIS, and ISO 27001.
• Proficiency in using security tools such as Nessus Tenable, ORCA Security, AWS Security Hub, Azure Security Center, Google Cloud Security Command Center, and other vulnerability scanning tools.
• Familiarity with Red Hat Satellite server, WSUS, IBM BigFix or other similar toolsets.
• Knowledge of scripting languages such as Python, Bash, PowerShell, Ansible for automation of security remediation tasks.
• Excellent problem-solving skills and the ability to work under pressure in a fast-paced environment.
• Strong communication and interpersonal skills, with the ability to explain complex security issues to technical and non-technical stakeholders.

Additional Requirements:

• Must be a US citizen, willing and able to work on-site in Washington, D.C. 
• Excellent interpersonal and communication skills, both written and verbal.
• Commitment to following stringent security protocols.
• Well-organized, with a high level of attention to detail and the ability to prioritize tasks.

Note: This position is for on-site work in Washington, D.C.; there are no remote work options available. The role requires a commitment to security and confidentiality due to the classified nature of the environment. All candidates must pass a comprehensive background check to ensure eligibility for security clearance.

Overview

SAIC accepts applications on an ongoing basis and there is no deadline.

SAIC® is a premier Fortune 500® mission integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, civilian and intelligence markets includes secure high-end solutions in mission IT, enterprise IT, engineering services and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives.

We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.5 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.