Vulnerability Analyst, Mid

Key Role: 

Support Booz Allen Hamilton's internal Enterprise Cybersecurity team through utilization of enterprise-level vulnerability scanning and assessment tools to identify all internally and externally facing vulnerabilities present across the Booz Allen network, verifying that appropriate patches or mitigations are in place within defined SLA levels.  Conduct analysis and serve as a vulnerability management resource supporting the firm’s client facing and internal support teams.  Keep up to date with emerging threats within the industry and collaborate with other Cybersecurity teams in a Cyber Fusion Center (CFC) environment to understand the impact of security threats and possible impacts to the global enterprise.  Leverage both automated and manual vulnerability scanning tools to run scans and reports on an automatic and ad-hoc basis, and be responsible for assisting others in interpreting, understanding, and applying information security policies and standards to mitigate information security risks. Configure and run vulnerability scans across the global enterprise, requiring a solid understanding of network topology.  Assist the Vulnerability Manager with providing metrics and KPIs to other operational teams and senior leadership. This position is a hybrid role with a combination of working at a Booz Allen office or client site and working remotely.

Basic Qualifications: 

  • 3+ years of experience in a vulnerability management role, with experience deploying and managing or multiple Nessus scanners within a medium or large-scale enterprise
  • 3+ years of related experience in system administration
  • Experience in shell scripting or programming languages such as Python, Ruby or Perl 
  • Knowledge of basic networking protocols including TCP/IP, UDP, HTTP/HTTPS, SSH, FTP, DNS, etc
  • Knowledge of vulnerabilities, cyber threats, and information security tools 
  • Ability to display excellent oral and writing skills and the ability to communicate effectively with clients, support teams and management 
  • Ability to work remotely, as required, and manage requirements with minimal supervision
  • Ability to obtain a security clearance

Additional Qualifications: 

  • Experience with managing, deploying, and securing instances within cloud environments, including Microsoft, Azure, and AWS 
  • Experience with Splunk including building search queries 
  • Knowledge of web applications, databases and web server design and implementation 
  • Knowledge of open security standards and projects, including OWASP 
  • Certifications in GSEC, GMON, GCIA, or Security+
  • Bachelors degree in CS, Information Systems, a related field, or 4 years work in a related field 


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change – no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.

Not ready to apply? Join our talent community and sign up for job alerts.