Cybersecurity Analyst (Vulnerability Management & Continuous Monitoring)

Summary Cybersecurity Analyst (Vulnerability Management & Continuous Monitoring) – Oakton, VA. Are you ready to enhance your skills and build your career in a rapidly evolving business climate? Are you looking for a career where professional development is embedded in your employer’s core culture? If so, Chenega Military, Intelligence & Operations Support (MIOS) could be the place for you! Join our team of professionals who support large-scale government operations by leveraging cutting‑edge technology and take your career to the next level! SecuriGence delivers essential technology services supporting critical national security missions. We are seeking a Cybersecurity Analyst (Vulnerability Management & Continuous Monitoring) to support Department of Defense (DoD) cybersecurity operations by executing vulnerability management, security compliance, and Continuous Monitoring (ConMon) activities in accordance with the Risk Management Framework (RMF). This role is responsible for identifying, assessing, prioritizing, and tracking vulnerabilities using enterprise tools, ensuring compliance with Security Technical Implementation Guides (STIGs), and responding to Information Assurance Vulnerability Alerts (IAVAs). Responsibilities Vulnerability Management Perform vulnerability scanning using Assured Compliance Assessment Solution (ACAS) (e.g., Tenable.sc / Nessus). Enforcing the ACAS best practice guide requirements when performing vulnerability scans in ACAS. Analyze scan results to identify vulnerabilities, misconfigurations, and compliance gaps. Validate findings against the latest released DISA STIGs and applicable security baselines. Review of provided checklists and working with system admins in identifying gaps for POA&M creation. Assess and track vulnerabilities in accordance with DoD timelines and risk severity. Correlate vulnerabilities with IAVA/IAVM notices and ensure timely remediation or mitigation. Develop and maintain Plan of Action and Milestones (POA&M) documentation. Maintenance of Risk Acceptance (RA) POA&M items within SOR (System of Record) and coordinating with System administrators to validate that RA is required instead of a POA&M. STIG Compliance & Hardening Apply and validate Security Technical Implementation Guides (STIGs) across operating systems, applications, and network devices. Conduct manual and automated STIG compliance checks using tools such as ACAS Audit checks, STIG Viewer, SCAP Compliance Checker (SCC), and Evaluate-STIG. Document compliance status and provide remediation guidance to system administrators. Support system hardening efforts aligned with DoD baseline configurations. Ensure that golden images are maintained for Servers (RHEL and Windows) and Workstations following STIG guidance. IAVA/IAVM Management Monitor and assess Information Assurance Vulnerability Alerts (IAVAs) and Bulletins (IAVBs). Determine system applicability and operational impact. Coordinate remediation actions and track compliance deadlines. Maintain IAVA compliance reporting and documentation for audits. Continuous Monitoring (ConMon) Execute Continuous Monitoring activities in accordance with RMF Step 6. Monitor security controls for effectiveness and ongoing compliance. Conduct control assessments and assist with periodic security reviews. Support automated and manual data collection for ConMon dashboards and reporting. Identify trends, recurring issues, and systemic risks across systems. RMF & Compliance Support Support RMF activities across all six steps, with emphasis on control implementation validation, security control assessment support, and ongoing authorization (ATO sustainment). Update and maintain RMF artifacts, including System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and Security Assessment Plan (SAP). Map vulnerabilities and findings to NIST SP 800-53 controls. Reporting & Documentation Generate vulnerability and compliance reports for leadership and Authorizing Officials (AOs). Provide risk-based recommendations and remediation strategies. Maintain audit‑ready documentation in accordance with DoD and agency requirements. Other duties as assigned. Qualifications High school diploma or GED equivalent. 5+ years of experience in DoD cybersecurity or RMF‑based environments. Hands‑on experience with: ACAS (Nessus / Tenable.sc) STIG implementation and validation IAVA/IAVM processes Experience with vulnerability assessment, risk analysis, and remediation tracking. DoD 8570/8140 Compliance: Must meet IAT Level II requirements (e.g., Security+). Active DoD Top Secret clearance with SCI eligibility. Knowledge, Skills, and Abilities Strong understanding of: DoD RMF (DoDI 8510.01) NIST SP 800-53 security controls Ability to manage multiple systems and priorities in a regulated environment. Strong analytical and problem‑solving skills. Attention to detail and compliance rigor. Ability to translate technical risk into mission impact. Effective communication with technical and non‑technical stakeholders. Relevant certifications: Certified Information Systems Security Professional (CISSP). Certified Ethical Hacker (CEH) or equivalent. DISA ACAS Training Certificate. Experience with: ACAS SCAP Compliance Checker (SCC) / Evaluate-STIG STIG Viewer eMASS, Xacta Trellix, MDE Splunk, Elastic Familiarity with scripting (e.g., PowerShell, Python) for automation. Experience in enterprise‑level ConMon programs or NOSC/SOC environments. How you’ll grow At Chenega MIOS, our professional development plan focuses on helping our team members at every level of their careers to identify and use their strengths to do their best work every day. From entry‑level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help sharpen skills in addition to hands‑on experience in the global, fast‑changing business world. From on‑the‑job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their careers. Benefits At Chenega MIOS, we know that great people make a great organization. We value our team members and offer them a broad range of benefits. Learn more about what working at Chenega MIOS can mean for you. Chenega MIOS’s culture Our positive and supportive culture encourages our team members to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them be healthy, centered, confident, and aware. We offer well‑being programs and continuously look for new ways to maintain a culture where we excel and lead healthy, happy lives. Corporate citizenship Chenega MIOS is led by a purpose to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our team members, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill‑based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Chenega’s impact on the world. Tips from your Talent Acquisition Team We want job seekers exploring opportunities at Chenega MIOS to feel prepared and confident. To help you with your research, we suggest you review the following links: Chenega MIOS website - Glassdoor - LinkedIn - Facebook - #J-18808-Ljbffr Chenega Corporation