CyberSecurity - Vulnerability Assessment Analyst II

About Agile Defense At Agile Defense we know that action defines the outcome and new challenges require new solutions. That’s why we always look to the future and embrace change with an unmovable spirit and the courage to build for what comes next. Our vision is to bring adaptive innovation to support our nation's most important missions through the seamless integration of advanced technologies, elite minds, and unparalleled agility—leveraging a foundation of speed, flexibility, and ingenuity to strengthen and protect our nation’s vital interests. Our Core Values Employees of Agile Defense are our number one priority, and the importance we place on our culture here is fundamental. Our culture is alive and evolving, but it always stays true to its roots. Here, you are valued as a family member, and we believe that we can accomplish great things together. Agile Defense has been highly successful in the past few years due to our employees and the culture we create together. What makes us Agile? We call it the 6Hs, the values that define our culture and guide everything we do. Together, these values infuse vibrancy, integrity, and a tireless work ethic into advancing the most important national security and critical civilian missions. It's how we show up every day. It's who we are. Happy - Be Infectious. Happiness multiplies and creates a positive and connected environment where motivation and satisfaction have an outsized effect on everything we do. Helpful - Be Supportive. Being helpful is the foundation of teamwork, resulting in a supportive atmosphere where collaboration flourishes, and collective success is celebrated. Honest - Be Trustworthy.Honesty serves as our compass, ensuring transparent communication and ethical conduct, essential to who we are and the complex domains we support. Humble - Be Grounded.Success is not achieved alone, humility ensures a culture of mutual respect, encouraging open communication, and a willingness to learn from one another and take on any task. Hungry - Be Eager.Our hunger for excellence drives an insatiable appetite for innovation and continuous improvement, propelling us forward in the face of new and unprecedented challenges. Hustle - Be Driven.Hustle is reflected in our relentless work ethic, where we are each committed to going above and beyond to advance the mission and achieve success. Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities Job Description Role Overview The Vulnerability Assessment Analyst II is responsible for identifying, analyzing, and reporting on cybersecurity vulnerabilities across Department of the Army and DoD enterprise networks. This mission-critical role involves utilizing DoD-approved scanning tools to evaluate network enclaves, hardware, and software, ensuring compliance with strict security configurations and assisting engineering teams with remediation strategies to defend against cyber threats. Duties and Responsibilities: Vulnerability Scanning Execute routine and ad-hoc vulnerability, compliance, and discovery scans using DoD-mandated tools such as the Assured Compliance Assessment Solution (ACAS) / Tenable Nessus and SCAP Compliance Checker. Analysis & Reporting Analyze scan results to identify false positives, evaluate risk levels, and generate actionable vulnerability reports, dashboards, and Contract Data Requirements List (CDRL) deliverables for Army leadership. Mitigation & Remediation Collaborate directly with Systems Administrators, Network Engineers, and Information System Security Officers (ISSOs) to provide technical guidance on patching, remediation, and mitigation strategies. Compliance & Directives Track and enforce compliance with Information Assurance Vulnerability Alerts (IAVAs), Security Technical Implementation Guides (STIGs), and Army Cyber Command (ARCYBER) directives. Tool & Infrastructure Management Assist in the configuration, troubleshooting, and maintenance of the vulnerability scanning infrastructure (e.g., Security Center, Nessus scanners) within an Impact Level 5 (IL5) or secure enclave environment. Other Duties: Performs assessments of systems and networks within the NE or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities. Basic understanding and ability to identify vulnerabilities and risk levels. Must be able to assist Level 1 analysts. Education and Background Typically has a bachelor degree, and 2-3 years of experience, or equivalent relevant work experience; e.g., each year of work experience may be substituted for each year of education required. Bachelor’s Degree in Cybersecurity, Computer Science, Information Technology, or a related technical field. DoD Directive Compliance: Must meet DoD 8140/8570.01–M requirements for Information Assurance Technical (IAT) Level II (e.g., CompTIA Security+ CE, CySA+, or equivalent). Years of Experience Experience: 2-3 years of professional experience in cybersecurity, with at least 1 year actively performing vulnerability assessments in a DoD or Army IT environment. Required Skills Technical Proficiency: Hands-on experience operating ACAS (Tenable.sc/Nessus) and applying DISA STIGs using the SCAP toolset. RMF & POA&M Management: Demonstrated ability to generate, validate, and assess Plans of Action and Milestones (POA&Ms) for IT systems. Must support all aspects of the Risk Management Framework (RMF), leveraging eMASS and other Customer-utilized systems to ensure Cyber vulnerability controls are successfully maintained and sustained. Technical Oversight: Ability to provide technical oversight and risk mitigation recommendations, clearly conveying industry best-practice remediations to the Customer verbally and in formal written formats. Continuous Monitoring: Deep understanding and working familiarity with Continuous Monitoring (CONMON) practices, policies, and execution is required. Preferred Skills Advanced Certifications: Certified Ethical Hacker (CEH), CompTIA Advanced Security Practitioner (CASP+), or ACAS-specific training certificates. Army Specific Systems: Familiarity with Army-specific cyber regulations (e.g., AR 25-2). Automation & Scripting: Experience using PowerShell, Python, or Bash to automate vulnerability data parsing or compliance checking. Process Optimization: Demonstrated ability to evaluate and recommend automation capabilities to processes to formalize and standardize validation and reporting, as well as design innovative approaches to displaying data analytics for an in-depth understanding of potential issues related to the Customer’s Systems. Project & Team Dynamics: Experience with Agile project management methodologies, DoD Records Management tenets, and the ability to innovate in a highly fluid, fast-paced environment. Working Conditions Onsite 5 days per week during Core Business hours. Working directly with the Customer and other Contractors to ensure exceptional service delivery.

{
  "content_hash": "afc0f822fa31d1cc39a7b7f9c02720df0706ee2ef1d3d4eaf3eaaecfeb67c418",
  "source_hash": "86a5b4a1a697e51bcf8480b73f66592d55f6aeff4fa85c2d4e045bcf98db2bbe",
  "last_changed_at": "2026-06-06T07:55:07.848Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "Huntsville, AL",
    "city": "Huntsville",
    "region": "AL",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.9
  },
  "salary_max": null,
  "salary_min": null,
  "inferred_at": "2026-06-06T18:55:02.318Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "Huntsville, AL",
      "city": "Huntsville",
      "region": "AL",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.9
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": null,
  "salary_period": null,
  "workplace_type": "on_site",
  "salary_currency": null
}

{}

{
  "lists": [
    {
      "text": "Job Description",
      "content": "<div><strong>Role Overview</strong></div>\n<div>&nbsp;</div>\n<div>The Vulnerability Assessment Analyst II is responsible for identifying, analyzing, and reporting on cybersecurity vulnerabilities across Department of the Army and DoD enterprise networks. This mission-critical role involves utilizing DoD-approved scanning tools to evaluate network enclaves, hardware, and software, ensuring compliance with strict security configurations and assisting engineering teams with remediation strategies to defend against cyber threats.</div>\n<div>&nbsp;</div>\n<div><strong>Duties and Responsibilities:</strong><br><br></div>\n<div>&nbsp;</div>\n<div><strong>Vulnerability Scanning</strong></div>\n\n<li>Execute routine and ad-hoc vulnerability, compliance, and discovery scans using DoD-mandated tools such as the Assured Compliance Assessment Solution (ACAS) / Tenable Nessus and SCAP Compliance Checker.</li>\n\n<div><strong>Analysis &amp; Reporting</strong></div>\n\n<li>Analyze scan results to identify false positives, evaluate risk levels, and generate actionable vulnerability reports, dashboards, and Contract Data Requirements List (CDRL) deliverables for Army leadership.</li>\n\n<div><strong>Mitigation &amp; Remediation</strong></div>\n\n<li>Collaborate directly with Systems Administrators, Network Engineers, and Information System Security Officers (ISSOs) to provide technical guidance on patching, remediation, and mitigation strategies.</li>\n\n<div><strong>Compliance &amp; Directives</strong></div>\n\n<li>Track and enforce compliance with Information Assurance Vulnerability Alerts (IAVAs), Security Technical Implementation Guides (STIGs), and Army Cyber Command (ARCYBER) directives.</li>\n\n<div><strong>Tool &amp; Infrastructure Management</strong></div>\n\n<li>Assist in the configuration, troubleshooting, and maintenance of the vulnerability scanning infrastructure (e.g., Security Center, Nessus scanners) within an Impact Level 5 (IL5) or secure enclave environment.</li>\n\n<div><strong>Other Duties:</strong></div>\n\n<li>Performs assessments of systems and networks within the NE or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.</li>\n<li>Measures effectiveness of defense-in-depth architecture against known vulnerabilities.</li>\n<li>Basic understanding and ability to identify vulnerabilities and risk levels. Must be able to assist Level 1 analysts.</li>\n"
    },
    {
      "text": "Education and Background",
      "content": "\n<li>Typically has a bachelor degree, and 2-3 years of experience, or equivalent relevant work experience; e.g., each year of work experience may be substituted for each year of education required.</li>\n<li>Bachelor’s Degree in Cybersecurity, Computer Science, Information Technology, or a related technical field.</li>\n<li>&nbsp;DoD Directive Compliance: Must meet DoD 8140/8570.01–M requirements for Information Assurance Technical (IAT) Level II (e.g., CompTIA Security+ CE, CySA+, or equivalent).</li>\n"
    },
    {
      "text": "Years of Experience",
      "content": "<div>Experience: 2-3 years of professional experience in cybersecurity, with at least 1 year actively performing vulnerability assessments in a DoD or Army IT environment.</div>\n<div>&nbsp;</div>"
    },
    {
      "text": "Required Skills",
      "content": "\n<li><strong>Technical Proficiency: </strong>Hands-on experience operating ACAS (Tenable.sc/Nessus) and applying DISA STIGs using the SCAP toolset.</li>\n<li><strong>RMF &amp; POA&amp;M Management: </strong>Demonstrated ability to generate, validate, and assess Plans of Action and Milestones (POA&amp;Ms) for IT systems. Must support all aspects of the Risk Management Framework (RMF), leveraging eMASS and other Customer-utilized systems to ensure Cyber vulnerability controls are successfully maintained and sustained.</li>\n<li><strong>Technical Oversight:</strong> Ability to provide technical oversight and risk mitigation recommendations, clearly conveying industry best-practice remediations to the Customer verbally and in formal written formats.</li>\n<li><strong>Continuous Monitoring:</strong> Deep understanding and working familiarity with Continuous Monitoring (CONMON) practices, policies, and execution is required.</li>\n"
    },
    {
      "text": "Preferred Skills",
      "content": "\n<li><strong>Advanced Certifications:</strong> Certified Ethical Hacker (CEH), CompTIA Advanced Security Practitioner (CASP+), or ACAS-specific training certificates.</li>\n<li><strong>Army Specific Systems:</strong> Familiarity with Army-specific cyber regulations (e.g., AR 25-2).</li>\n<li>Automation &amp; Scripting: Experience using PowerShell, Python, or Bash to automate vulnerability data parsing or compliance checking.</li>\n<li><strong>Process Optimization: </strong>Demonstrated ability to evaluate and recommend automation capabilities to processes to formalize and standardize validation and reporting, as well as design innovative approaches to displaying data analytics for an in-depth understanding of potential issues related to the Customer’s Systems.</li>\n<li><strong>Project &amp; Team Dynamics:</strong> Experience with Agile project management methodologies, DoD Records Management tenets, and the ability to innovate in a highly fluid, fast-paced environment.</li>\n"
    },
    {
      "text": "Working Conditions",
      "content": "<div>Onsite 5 days per week during Core Business hours. Working directly with the Customer and other Contractors to ensure exceptional service delivery.</div>"
    }
  ],
  "country": "US",
  "createdAt": 1780592471636,
  "updatedAt": null,
  "categories": {
    "team": "Cyber Defense",
    "location": "Huntsville, AL",
    "commitment": "Regular",
    "department": "Cybersecurity",
    "allLocations": [
      "Huntsville, AL"
    ]
  },
  "salaryRange": null,
  "workplaceType": "onsite"
}