Navy Federal Credit Union
Cyber Security Analyst III-IV (Rapid7 Nexpose, InsightVM tool)
At a glance
Location: US-VA-Vienna, VA Map
Posted: 09/30/2019
Closing: 10/29/2019
Degree: Not Specified
Type: Full-Time
Experience: Not Specified
Navy Federal Credit Union
Job description

Employee Perks

Why You Will Love Being Part of the Navy Federal Team:

*Competitive compensation with opportunities for annual raises, promotions, and bonus potential
*Best-in-Class Benefits! (7% 401k match / Pension plan / Tuition reimbursement / Great insurance options)
*On-site amenities include fitness center, wellness center, cafeteria, etc. at Pensacola, FL; Vienna, VA and Winchester, VA campuses
*Consistently Awarded Top Workplace
*Nationally recognized training department by TRAINING Magazine IND123
*An employee-focused, diverse, and service-oriented workplace environment

Basic Purpose

The Cybersecurity Analyst serves as a subject matter expert to the vulnerability management program of Navy Federal Credit Union’s Cybersecurity Operations Center, providing procedural expertise to the program. The Analyst will work closely with other vulnerability assessment members to identify threats and vulnerabilities to the organization. The Analyst will partner with additional teams within Navy Federal Credit Union to protect the Navy Federal brand, data, and IT assets from cyber-based threats. #dice

Responsibilities

• Knowledge of / expertise with industry-standard vulnerability management tools. Examples include: Nessus, Nmap, Rapid7 Nexpose, Metasploit, Burp Suite, Fortify, and HP Webinspect.
• Provide and support efforts to maintain metrics which includes vulnerability remediation
• Discover, identify, and track vulnerabilities to assess risks to NFCU information assets. This includes identifying vulnerability false positives and maintaining a vulnerability assessment schedule.
• Measure the effectiveness of the credit union’s technology safeguards by performing tests to ensure they provide the intended level of protection
• Participate in execution of testing, red teaming, and enforcement of security standards and remediation tracking
• Build and maintain relationships with other teams, business units, and stakeholders; regularly communicate status to key stakeholders
• Possess the ability to make decisions independently and prioritize assignments and workload
• Ensure staff, at all levels, consistently apply defined processes and procedures to established standards
• Escalate issues to management in a timely manner with appropriate information regarding risk and impact

Qualifications

Candidates must possess:

• 5-7 years of experience participating in vulnerability management
• Expert-level understanding of / experience in the practical application of the vulnerability management lifecycle and associated best practices
• Experience with industry-standard vulnerability management tools, including but not limited: to Rapid7 Nexpose and Metasploit Pro, Burp Suite, Webinspect, and HP Fortify
• An understanding of the vulnerability identification, analysis, and scoring standard Common Vulnerability Scoring System (CVSS), as well as Common Vulnerabilities and Exposures (CVE)
• Demonstrated knowledge of information security programs and operations, data security practices and procedures, and risk identification/assessment
• Strong problem-solving and critical-thinking skills with the ability to diagnose and troubleshoot technical issues
• Working knowledge of general security concepts
• The ability to lead others, including senior leaders and other teams
• A strong desire for continuous process improvement and excellence
• Excellent verbal and written communication skills, including the ability to convey technical details in a clear and understandable manner to a variety of audiences
• Strong planning, time-management, and organizational skills

Desired:

• Knowledge of industry standards and frameworks, including ISO, ITIL, COBIT, and NIST
• Previous experience within the financial sector
• Scripting and Automation experience
• Preferred certifications: GIAC (e.g., GCIH, GCIA, GCFA, etc.), CEH, OSCP, CISSP, or Security+
• Experience with / understanding of different threats to an organization
• Experience working with vulnerability management modules like RSA Archer and ServiceNow

Hours:
Monday-Friday, 8:00AM-4:30PM

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace.  Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans.  EOE/AA/M/F/Veteran/Disability

Disclaimer

Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.

Cyber Security Analyst III-IV (Rapid7 Nexpose, InsightVM tool)