2,357 Security Analysis jobs in the United States

_This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration at our Buffalo, NY Tech Hub._
**Overview:**
Responsible for conducting detailed analysis of vulnerabilities and recommendations on remediation plans to ensure the integrity and resilience of organization's security and information systems. Serves as senior experienced vulnerability analyst by auditing analysis and reports, serving as an escalation point, and training newer/less-experienced analysts.
**Primary Responsibilities:**
+ Refine testing methodologies for vulnerability scanning to provide comprehensive risk-based view of potential vulnerabilities and may lead implementation of new methodologies within team.
+ Create configuration scanning plans that ensure compliance with internal policies and best practices; lead configuration scanning of most systems and networks and build remediation plan for identified vulnerabilities.
+ Organize monitoring techniques to monitor database activities and performance and manage responses to detected issues with cross-functional team.
+ Lead analysis of active and network vulnerability scans to identify potential exploits, misconfigurations, and attacks; partner with cross-functional team to execute remediation plans.
+ In partnership with technology and risk, develop vulnerability management policies and standards and educate technology teams on how integrate into to developing, deploying, and monitoring infrastructure.
+ Design infrastructure testing frameworks that ensure technology teams are developing and deploying infrastructure in alignment with policies and standards.
+ Formulate and recommend advanced best practices to technology teams on how to improve or implement new security practices, tools, and techniques based on industry standards and latest vulnerabilities to protect the bank from vulnerabilities.
+ Produce and interpret advanced reporting with recommendations for cybersecurity and technology leadership, including but not limited to audit reports identifying technical and procedural findings, common vulnerability score, and datasets for regulatory reporting.
+ Understand and adhere to the Company's risk and regulatory standards, policies, and controls in accordance with the Company's Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
+ Promote an environment that supports belonging and reflects the M&T Bank brand.
+ Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
+ Complete other related duties as assigned.
**Scope of Responsibilities:**
+ Partners with peers, manager, cybersecurity organization, technology teams, people leaders, and line of business teams
+ Determines and develops approach to solutions. Work is accomplished with periodic check-ins for alignment and limited direction. Work is evaluated upon completion to ensure objectives have been met.
+ Advanced knowledge of all vulnerability scanning and assessment tools
+ Advanced understanding of multiple vulnerability scanning and assessment tools
+ Subject matter expert understanding of industry best practices related to vulnerability and patch management.
+ Trains analyst to advanced level knowledge of vulnerability scanning and assessment tools, and industry best practices.
+ Second highest individual contributor escalation point in team
**Manager Responsibilities:**
No supervisory responsibilities.
**Education and Experience Required:**
+ Bachelor's degree and a minimum of 3 years' relevant work experience, or in lieu of a degree, a combined minimum of 7 years' higher education and/or work experience
+ Excellent written and verbal communication skills
+ Strong ability to effectively communicate technical information to both non-technical and technical stakeholders, including up to senior leadership in Cybersecurity.
+ Experience effectively collaborating with leadership and with peers across the organization.
+ Prior experience with and demonstrable aptitude for quickly learning new technical skills.
**Education and Experience Preferred:**
+ Advanced certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), OffSec Certified Professional (OSCP), or Cybersecurity domain-related industry-recognized certification (DoD Level II)
+ Demonstrated experience working in a highly regulated industry (e.g., finance, healthcare, government)
+ Experience evaluating, analyzing, and synthesizing large quantities of data (which may be fragmented and contradictory) and accurately determining the potential range and scope of threats and contributing towards intelligence reporting.
+ Proficient level of thinking critically and solving problems
+ Intermediate understanding of advanced vulnerability concepts and practices, such as vulnerability management solutions, asset identification and management, and mitigation management
+ Experience training analysts to ensure they have intermediate knowledge of and how to use security monitoring systems.
#LI-JB3
M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $93,581.10 - $155,968.51 Annual (USD). The successful candidate's particular combination of knowledge, skills, and experience will inform their specific compensation.
**Location**
Buffalo, New York, United States of America
M&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer, including disabilities and veterans.

Summary:

1/ MissionProtect Meta and its community by measuring and mitigating AI-driven cybersecurity risks, and harnessing AI to drive innovation in cybersecurity.2/ VisionEvaluate: CyberSecEval is the leading and preferred system for assessing cybersecurity risks in Large Language Models and LLM enabled applications, and enables timely evaluation and safe release of all of Meta's LLMs.Defend: Detect and reduce security risks across 100% of Meta GenAI experiences.Deploy: Meta Central Security is equipped with efficient and effective AI applications that are also open sourced, further cementing Meta and the Llama brand at the forefront of industry use of AI to solve cybersecurity challenges.3/ StrategyEmpower the ecosystem with defensive tools (such as voice-based scam detection) to enable responsible OSS release of new models.Expand the conversation from the current narrow focus on Attacker uplift to include Defender uplift, by expanding CyberSecEval and releasing Defender use cases.Defend Meta from the highest impact insecure LLM interactions that are:currently being conductednecessary to be in place for secure and timely release of upcoming AI experiencesPrototype and experiment with applications of LLMs throughout X-Sec, working within X-Sec partner teams to productionize and scale highest impact solutions, and open source solutions that are applicable to security use cases outside of Meta.Partner with industry organizations to (a) co-develop solutions in the above areas and/or (b) explicitly adopt the solutions Meta releases.External description1/ MissionEnsure the safe adoption of LLMs by continuously measuring and mitigating their cybersecurity risks.2/ VisionLlamaFirewall: A foundational system designed to detect and prevent insecure LLM inputs and outputs and which we will maintain and grow over time as the AI landscape evolves.CyberSecEval: A foundational system for assessing cybersecurity risks in LLMs which we will also build upon and adapt to the dynamic and growing AI risk environment.

Required Skills:

Security Engineer, AI Security Threat Analysis and Reporting Responsibilities:

1. Work directly with product managers and technical leads on threat models and reporting for Meta's AI products

2. Develop quarterly AI threat modeling reports delivered to Meta AI leadership

3. Provide guidance and education to developers that help deter and prevent threats

4. Bug Bounty: Help provide technical guidance to our world class bug bounty program and independent security researchers

5. Industry Impact: Push the industry forward through conference talks and open source projects to contribute broadly to security for the world

Minimum Qualifications:

Minimum Qualifications:

1. Bachelor of Science or Master of Science in Computer Science or related field, or equivalent experience

2. 5+ years of work experience in Security Threat Detection and Investigation Engineering in a large, regulated organization

3. In-depth subject-matter knowledge in technical and process regarding Security Operations and Threat Reporting

4. Experience developing and delivering information on threat intelligence reports and program status for leadership

5. Experience analyzing both external and insider threats

6. Coding/scripting experience in one or more general purpose languages

Public Compensation:

$147,000/year to $208,000/year + bonus + equity + benefits

Industry: Internet

Equal Opportunity:

Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment.

Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at

Summary:

1/ MissionProtect Meta and its community by measuring and mitigating AI-driven cybersecurity risks, and harnessing AI to drive innovation in cybersecurity.2/ VisionEvaluate: CyberSecEval is the leading and preferred system for assessing cybersecurity risks in Large Language Models and LLM enabled applications, and enables timely evaluation and safe release of all of Meta's LLMs.Defend: Detect and reduce security risks across 100% of Meta GenAI experiences.Deploy: Meta Central Security is equipped with efficient and effective AI applications that are also open sourced, further cementing Meta and the Llama brand at the forefront of industry use of AI to solve cybersecurity challenges.3/ StrategyEmpower the ecosystem with defensive tools (such as voice-based scam detection) to enable responsible OSS release of new models.Expand the conversation from the current narrow focus on Attacker uplift to include Defender uplift, by expanding CyberSecEval and releasing Defender use cases.Defend Meta from the highest impact insecure LLM interactions that are:currently being conductednecessary to be in place for secure and timely release of upcoming AI experiencesPrototype and experiment with applications of LLMs throughout X-Sec, working within X-Sec partner teams to productionize and scale highest impact solutions, and open source solutions that are applicable to security use cases outside of Meta.Partner with industry organizations to (a) co-develop solutions in the above areas and/or (b) explicitly adopt the solutions Meta releases.External description1/ MissionEnsure the safe adoption of LLMs by continuously measuring and mitigating their cybersecurity risks.2/ VisionLlamaFirewall: A foundational system designed to detect and prevent insecure LLM inputs and outputs and which we will maintain and grow over time as the AI landscape evolves.CyberSecEval: A foundational system for assessing cybersecurity risks in LLMs which we will also build upon and adapt to the dynamic and growing AI risk environment.

Required Skills:

Security Engineer, AI Security Threat Analysis and Reporting Responsibilities:

1. Work directly with product managers and technical leads on threat models and reporting for Meta's AI products

2. Develop quarterly AI threat modeling reports delivered to Meta AI leadership

3. Provide guidance and education to developers that help deter and prevent threats

4. Bug Bounty: Help provide technical guidance to our world class bug bounty program and independent security researchers

5. Industry Impact: Push the industry forward through conference talks and open source projects to contribute broadly to security for the world

Minimum Qualifications:

Minimum Qualifications:

1. Bachelor of Science or Master of Science in Computer Science or related field, or equivalent experience

2. 5+ years of work experience in Security Threat Detection and Investigation Engineering in a large, regulated organization

3. In-depth subject-matter knowledge in technical and process regarding Security Operations and Threat Reporting

4. Experience developing and delivering information on threat intelligence reports and program status for leadership

5. Experience analyzing both external and insider threats

6. Coding/scripting experience in one or more general purpose languages

Public Compensation:

$147,000/year to $208,000/year + bonus + equity + benefits

Industry: Internet

Equal Opportunity:

Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment.

Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at

**Summary:**
1/ MissionProtect Meta and its community by measuring and mitigating AI-driven cybersecurity risks, and harnessing AI to drive innovation in cybersecurity.2/ VisionEvaluate: CyberSecEval is the leading and preferred system for assessing cybersecurity risks in Large Language Models and LLM enabled applications, and enables timely evaluation and safe release of all of Meta's LLMs.Defend: Detect and reduce security risks across 100% of Meta GenAI experiences.Deploy: Meta Central Security is equipped with efficient and effective AI applications that are also open sourced, further cementing Meta and the Llama brand at the forefront of industry use of AI to solve cybersecurity challenges.3/ StrategyEmpower the ecosystem with defensive tools (such as voice-based scam detection) to enable responsible OSS release of new models.Expand the conversation from the current narrow focus on Attacker uplift to include Defender uplift, by expanding CyberSecEval and releasing Defender use cases.Defend Meta from the highest impact insecure LLM interactions that are:currently being conductednecessary to be in place for secure and timely release of upcoming AI experiencesPrototype and experiment with applications of LLMs throughout X-Sec, working within X-Sec partner teams to productionize and scale highest impact solutions, and open source solutions that are applicable to security use cases outside of Meta.Partner with industry organizations to (a) co-develop solutions in the above areas and/or (b) explicitly adopt the solutions Meta releases.External description1/ MissionEnsure the safe adoption of LLMs by continuously measuring and mitigating their cybersecurity risks.2/ VisionLlamaFirewall: A foundational system designed to detect and prevent insecure LLM inputs and outputs and which we will maintain and grow over time as the AI landscape evolves.CyberSecEval: A foundational system for assessing cybersecurity risks in LLMs which we will also build upon and adapt to the dynamic and growing AI risk environment.
**Required Skills:**
Security Engineer, AI Security Threat Analysis and Reporting Responsibilities:
1. Work directly with product managers and technical leads on threat models and reporting for Meta's AI products
2. Develop quarterly AI threat modeling reports delivered to Meta AI leadership
3. Provide guidance and education to developers that help deter and prevent threats
4. Bug Bounty: Help provide technical guidance to our world class bug bounty program and independent security researchers
5. Industry Impact: Push the industry forward through conference talks and open source projects to contribute broadly to security for the world
**Minimum Qualifications:**
Minimum Qualifications:
6. Bachelor of Science or Master of Science in Computer Science or related field, or equivalent experience
7. 5+ years of work experience in Security Threat Detection and Investigation Engineering in a large, regulated organization
8. In-depth subject-matter knowledge in technical and process regarding Security Operations and Threat Reporting
9. Experience developing and delivering information on threat intelligence reports and program status for leadership
10. Experience analyzing both external and insider threats
11. Coding/scripting experience in one or more general purpose languages
**Public Compensation:**
$147,000/year to $208,000/year + bonus + equity + benefits
**Industry:** Internet
**Equal Opportunity:**
Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment.
Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at

**Summary:**
1/ MissionProtect Meta and its community by measuring and mitigating AI-driven cybersecurity risks, and harnessing AI to drive innovation in cybersecurity.2/ VisionEvaluate: CyberSecEval is the leading and preferred system for assessing cybersecurity risks in Large Language Models and LLM enabled applications, and enables timely evaluation and safe release of all of Meta's LLMs.Defend: Detect and reduce security risks across 100% of Meta GenAI experiences.Deploy: Meta Central Security is equipped with efficient and effective AI applications that are also open sourced, further cementing Meta and the Llama brand at the forefront of industry use of AI to solve cybersecurity challenges.3/ StrategyEmpower the ecosystem with defensive tools (such as voice-based scam detection) to enable responsible OSS release of new models.Expand the conversation from the current narrow focus on Attacker uplift to include Defender uplift, by expanding CyberSecEval and releasing Defender use cases.Defend Meta from the highest impact insecure LLM interactions that are:currently being conductednecessary to be in place for secure and timely release of upcoming AI experiencesPrototype and experiment with applications of LLMs throughout X-Sec, working within X-Sec partner teams to productionize and scale highest impact solutions, and open source solutions that are applicable to security use cases outside of Meta.Partner with industry organizations to (a) co-develop solutions in the above areas and/or (b) explicitly adopt the solutions Meta releases.External description1/ MissionEnsure the safe adoption of LLMs by continuously measuring and mitigating their cybersecurity risks.2/ VisionLlamaFirewall: A foundational system designed to detect and prevent insecure LLM inputs and outputs and which we will maintain and grow over time as the AI landscape evolves.CyberSecEval: A foundational system for assessing cybersecurity risks in LLMs which we will also build upon and adapt to the dynamic and growing AI risk environment.
**Required Skills:**
Security Engineer, AI Security Threat Analysis and Reporting Responsibilities:
1. Work directly with product managers and technical leads on threat models and reporting for Meta's AI products
2. Develop quarterly AI threat modeling reports delivered to Meta AI leadership
3. Provide guidance and education to developers that help deter and prevent threats
4. Bug Bounty: Help provide technical guidance to our world class bug bounty program and independent security researchers
5. Industry Impact: Push the industry forward through conference talks and open source projects to contribute broadly to security for the world
**Minimum Qualifications:**
Minimum Qualifications:
6. Bachelor of Science or Master of Science in Computer Science or related field, or equivalent experience
7. 5+ years of work experience in Security Threat Detection and Investigation Engineering in a large, regulated organization
8. In-depth subject-matter knowledge in technical and process regarding Security Operations and Threat Reporting
9. Experience developing and delivering information on threat intelligence reports and program status for leadership
10. Experience analyzing both external and insider threats
11. Coding/scripting experience in one or more general purpose languages
**Public Compensation:**
$147,000/year to $208,000/year + bonus + equity + benefits
**Industry:** Internet
**Equal Opportunity:**
Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment.
Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at

**Summary:**
1/ MissionProtect Meta and its community by measuring and mitigating AI-driven cybersecurity risks, and harnessing AI to drive innovation in cybersecurity.2/ VisionEvaluate: CyberSecEval is the leading and preferred system for assessing cybersecurity risks in Large Language Models and LLM enabled applications, and enables timely evaluation and safe release of all of Meta's LLMs.Defend: Detect and reduce security risks across 100% of Meta GenAI experiences.Deploy: Meta Central Security is equipped with efficient and effective AI applications that are also open sourced, further cementing Meta and the Llama brand at the forefront of industry use of AI to solve cybersecurity challenges.3/ StrategyEmpower the ecosystem with defensive tools (such as voice-based scam detection) to enable responsible OSS release of new models.Expand the conversation from the current narrow focus on Attacker uplift to include Defender uplift, by expanding CyberSecEval and releasing Defender use cases.Defend Meta from the highest impact insecure LLM interactions that are:currently being conductednecessary to be in place for secure and timely release of upcoming AI experiencesPrototype and experiment with applications of LLMs throughout X-Sec, working within X-Sec partner teams to productionize and scale highest impact solutions, and open source solutions that are applicable to security use cases outside of Meta.Partner with industry organizations to (a) co-develop solutions in the above areas and/or (b) explicitly adopt the solutions Meta releases.External description1/ MissionEnsure the safe adoption of LLMs by continuously measuring and mitigating their cybersecurity risks.2/ VisionLlamaFirewall: A foundational system designed to detect and prevent insecure LLM inputs and outputs and which we will maintain and grow over time as the AI landscape evolves.CyberSecEval: A foundational system for assessing cybersecurity risks in LLMs which we will also build upon and adapt to the dynamic and growing AI risk environment.
**Required Skills:**
Security Engineer, AI Security Threat Analysis and Reporting Responsibilities:
1. Work directly with product managers and technical leads on threat models and reporting for Meta's AI products
2. Develop quarterly AI threat modeling reports delivered to Meta AI leadership
3. Provide guidance and education to developers that help deter and prevent threats
4. Bug Bounty: Help provide technical guidance to our world class bug bounty program and independent security researchers
5. Industry Impact: Push the industry forward through conference talks and open source projects to contribute broadly to security for the world
**Minimum Qualifications:**
Minimum Qualifications:
6. Bachelor of Science or Master of Science in Computer Science or related field, or equivalent experience
7. 5+ years of work experience in Security Threat Detection and Investigation Engineering in a large, regulated organization
8. In-depth subject-matter knowledge in technical and process regarding Security Operations and Threat Reporting
9. Experience developing and delivering information on threat intelligence reports and program status for leadership
10. Experience analyzing both external and insider threats
11. Coding/scripting experience in one or more general purpose languages
**Public Compensation:**
$147,000/year to $208,000/year + bonus + equity + benefits
**Industry:** Internet
**Equal Opportunity:**
Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment.
Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at

Penetration Tester/Vulnerability Assessment Specialist

Join to apply for the Penetration Tester/Vulnerability Assessment Specialist role at Inferno Systems, Inc.

Penetration Tester/Vulnerability Assessment Specialist

5 months ago Be among the first 25 applicants

Join to apply for the Penetration Tester/Vulnerability Assessment Specialist role at Inferno Systems, Inc.

Location: McLean, VA US

Security Clearance Requirement: TS/SCI with Full Scope Polygraph

Clearance Status: Must be Current

Job Description

Inferno Systems is currently looking to hire individuals for our Vulnerability Assessment positions. Candidates should have a minimum of 7+ years experience performing vulnerability assessments or any related fields such as penetration testing. Candidates must possess the required skills listed below. Candidates with experience in any of the desired skills and technologies below would be a plus but are not required.

Job Summary

We are looking for Vulnerability Assessment professionals whose work will directly impact U.S. policymakers, military officials and law enforcement agencies. You will use both COTS and GOTS software to identify vulnerabilities, assess impact and determine remediation actions based on your findings. You will be able to use a variety of techniques to determine impact and remediation steps for specific customer environments and scenarios. Your work will have high visibility among our customers and they will look to you for expertise, guidance, operational understanding and methods and plans to achieve mission success. In addition, this position will provide the opportunity to grow into more challenging roles with higher levels of technical expertise in the penetration testing field.

Required Skills

• Solid understanding of networking, TCP/IP, and application level protocols such as HTTP/S.
• Ability to create and operate virtual machines in different virtual environments such as VMware vSphere, Virtual Box and/or others.
• Demonstrated real world experience performing grey and black box security assessments.
• General understanding of exploitation concepts including phishing and social engineering tactics, buffer overflows, fuzzing, SQLi, MiTM, covert channels, secure tunneling and open source exfiltration techniques.
• Experience using security assessment tools such as Nessus, BurpSuite and others.
  
  

Any candidate with experience with any desired skills and technologies below would be a plus but are not required.

Desired Skills

• Malware analysis or digital computer forensics experience is a plus.
• Cyber related Law Enforcement or Counterintelligence experience.
• Existing Subject Matter Expert of Advanced Persistent Threats and Emerging Threats.
• Proactive interest in emerging technologies and techniques related to penetration testing.
• Understanding of risk planning and mitigation strategies.
• Ability to prepare and present documents and briefing materials.
• Experience performing Red Team and/or Blue Team Operations.
  
  

Familiarity using at least 3 of the below types of Operating Systems:

• Microsoft Windows (7 - 10, Server 2008-2016)
• UNIX (Solaris, HP-UX, etc.,) Operating System versions
• Common Linux distributions including RHEL / CentOS and Debian / Ubuntu
• OSX / iOS and Android
• VMware / ESXi / KVM / OpenVZ or other virtualized environments
• BSD variant Operating Systems versions
  
  

Software / Scripting

• Java / C++ / C
• Bash / Perl / Powershell / Python
  
  

Wireless

• WiFi/WiMax/Bluetooth technology (hardware or core software)
• Wired telephony technology (hardware or core software)
• Mobile telephony technology (hardware or core software)
  
  

Ubiquitous Core Network Devices (switch/router/hub, Hardware Or Core Software)

• Cisco
• Juniper
• Common firewalls and security appliances
  
  

Web Penetration Testing

• Common web application vulnerabilities like XSS, CSRF, Command Injection, SQLi, single sign-on limitations, etc.
  
  

Tools

• Proficiency in any of the following: PowerShell Empire, Metasploit Framework, Cobalt Strike, Burp Suite, Canvas, Kali Linux, IPTables, Sysinternals, A/V evasion methodologies, exploit development.
  
  

Certifications

• Advanced GIAC and/or (ISC)2 network/cyber security specialties such as OSCP, OSCE, GPEN, GWAPT, GPEN, GXPN, CEH, CISSP.

Seniority level

• Seniority level Mid-Senior level

Employment type

• Employment type Full-time

Job function

• Job function Information Technology
• Industries Computer and Network Security

Referrals increase your chances of interviewing at Inferno Systems, Inc. by 2x

Ashburn, VA $85,150.00-$53,925.00 1 week ago

Reston, VA 70,000.00- 85,000.00 1 week ago

Herndon, VA 90,000.00- 115,000.00 1 week ago

Mid-Level Cybersecurity Analyst/Engineer Security Operations Center (SOC) Analyst - Mid Security Operations Center (SOC) Analyst 2027415 Cyber Security Engineer 215,000.00

Tysons Corner, VA 10,000.00- 215,000.00 1 day ago

Security (SOC) Analyst, Secret Clearance Required

Herndon, VA 70,000.00- 76,000.00 1 week ago

Junior Cybersecurity Threat Intelligence Analyst Junior Cybersecurity SIEM Monitoring Analyst 2027414 Cyber Security Engineer 195,000.00

Herndon, VA 10,000.00- 195,000.00 1 day ago

Security Operations Center (SOC) Analyst

Were unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

**Responsibilities & Qualifications**
**ACTIVITIES & RESPONSIBILITIES**
Assist the Government in managing Enterprise Information System Vulnerability Management (ISVM) compliance validation; briefing leadership on current and future vulnerabilities, security policies and industry standards; briefing leadership on most impactful vulnerabilities, configurations, and penetration testing efforts; creating and managing all scans in accordance with the scan standardization documentation; performing regularly scheduled (monthly and ad hoc) vulnerability assessments using a master schedule as directed; managing, customizing, and maintaining scan policies, zones, and repositories as they relate to the network; performing scan functions and review scan results to ensure accurate findings; and creating and customizing scan reports and data feeds to be imported / integrated into third party assessment tools. Assist the Government in employing ad hoc or emergency VA scanning to support targeted incident investigation, escalation, and emergency response to security events in accordance with documented procedures. Assist the Government in performing Penetration Testing Support.
**SKILLS**
+ Analyzing vulnerabilities and providing assessments and remediation instructions
+ Knowledgeable to maintain a repository of VA application issues and report application issues to Government VAT Team Lead and SSD Director in applying Information Systems Security principles and methods
+ Experience with Application Security implementation
+ Understanding of Firewall Management and Advanced Threat Protection
+ Familiarity with Access Control, Authorization, Intrusion Prevention and Intrusion Detection
+ Familiar with Protocol Analysis and requirements when handling sensitive and classified Information
+ Familiar with FISMA compliance and Risk Management Framework
+ Support Cyber Briefs for all vulnerability assessment team activities.
+ Assist the Government in providing Vulnerability Assessment, Compliance, and Reporting support to ISSO / ISSM interpreting scan results and recommend remediation plans.
+ Experience with cloud- based security technologies, architecture, and computing and searching, monitoring, and analyzing machine-generated big data is preferred.
**REQUIRED QUALIFICATIONS**
+ Clearance requirement: Secret
+ Experience: Minimum of 5 years' experience performing vulnerability assessments for an enterprise network
+ Education: Bachelor's of Science in computer engineering, computer science, IT or cyber security preferred (or 5 years of relevant work experience in lieu of a degree)
+ Certifications: one of the following certifications: Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP)
**Overview**
We are seeking an experienced **Vulnerability Assessment (VA) Team Lead** in support of a government customer to join our team to provide Security Operations Support (SOC) Services to a government agency whose mission is to protect our Nation's borders from terrorist attacks, to provide law enforcement for over forty (40) Federal agencies, and to protect the revenue of the United States while facilitating trade. The SOC is a single point of management and reporting for information security incidents. The SOC exists to prevent, identify, contain, and eradicate cyber threats to networks through monitoring, intrusion detection, and protective security services to information systems, including local area networks / wide area networks (LAN / WAN), commercial Internet connection, public facing websites, wireless, mobile / cellular, cloud, security devices, servers, and workstations. The SOC is responsible for the overall security of Enterprise-wide information systems and collects, investigates, and reports any suspected and confirmed security violations.
TekSynap is a fast-growing high-tech company that understands both the pace of technology today and the need to have a comprehensive well planned information management environment. "Technology moving at the speed of thought" embodies these principles - the need to nimbly utilize the best that information technology offers to meet the business needs of our Federal Government customers.
We offer our full-time employees a competitive benefits package to include health, dental, vision, 401K, life insurance, short-term and long-term disability plans, vacation time and holidays.
Visit us at .
Apply now to explore jobs with us!
The safety and health of our employees is of the utmost importance. Employees are required to comply with any contractually mandated Federal COVID-19 requirements. More information can be foundhere ( .
By applying to a role at TekSynap you are providing consent to receive text messages regarding your interview and employment status. If at any time you would like to opt out of text messaging, respond "STOP".
"As part of the application process, you agree that TekSynap Corporation may retain and use your name, e-mail, and contact information for purposes related to employment consideration".
**Additional Job Information**
**WORK ENVIRONMENT AND PHYSICAL DEMANDS**
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of the job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
+ Location: Ashburn Virginia
+ Remote or In-Person: 100% On site. Remote/Telework not available.
+ Type of environment: Office
+ Noise level: Medium
+ Work schedule: Schedule is day shift Monday - Friday.
+ Amount of Travel: Some travel may be required
**PHYSICAL DEMANDS**
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
**WORK AUTHORIZATION/SECURITY CLEARANCE**
Top Secret (SCI eligible)
**OTHER INFORMATION**
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
TekSynap is a drug-free workplace. We reserve the right to conduct drug testing in accordance with federal, state, and local laws. All employees and candidates may be subject to drug screening if deemed necessary to ensure a safe and compliant working environment.
**EQUAL EMPLOYMENT OPPORTUNITY**
In order to provide equal employment and advancement opportunities to all individuals, employment decisions will be based on merit, qualifications, and abilities. TekSynap does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age, genetic information, or any other characteristic protected by law (referred to as "protected status"). This nondiscrimination policy extends to all terms, conditions, and privileges of employment as well as the use of all company facilities, participation in all company-sponsored activities, and all employment actions such as promotions, compensation, benefits, and termination of employment.
**Job Locations** _US-VA-Ashburn_
**ID** _2025-8023_
**Category** _Technical Support/Help Desk_
**Type** _Regular Full-Time_

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients' best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We'll enable growth and progress together.

About Our Team:

The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients', our revenue, our employees and our proprietary data. We manage information security as one end-to end program - one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.

Position Overview:

The Release Vulnerability Assessment Senior Manager is a senior management level position responsible for accomplishing results through the management of a team or department in an effort to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

Responsibilities:

• Managing vulnerability assessments on release cycle to ensure completion and ready for sign off prior to production

• Establish and manage security solutions for a functional area

• Develop Corrective Action Plans for all IS gaps and monitor discovered issues to completion

• Facilitate the implementation of approved IS tools and identify and propose new or improved security solutions or emerging technologies

• Ensure IS compliance and seek opportunities to enhance the efficiency of IS policies and procedures

• Identify significant IS threats and vulnerabilities, and define appropriate controls for discovered threats, documenting the business response

• Communicate and discuss changes to IS regulations and standards with Business and Program owners

• Manage project deadlines, deliverables, planning, budgeting and policy formulation for the team, including short-term resource planning

• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.

Qualifications:

• 6+ years of relevant experience in information security domain

• Experience with Jira and Database knowledge preferred

• Release vulnerability assessment experience highly preferred

• Additional technical or security certifications preferred

• Consistently demonstrates clear and concise written and verbal communication

• Proven influencing and relationship management skills

• Proven analytical skills

Education:

• Bachelor's degree/University degree or equivalent experience

• Master's degree preferred

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Job Family Group:

Technology

Job Family:

Information Security

Time Type:

Full time

Primary Location:

Jacksonville Florida United States

Primary Location Full Time Salary Range:

$113,840.00 - $170,760.00

In addition to salary, Citi's offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

Most Relevant Skills

Please see the requirements listed above.

Other Relevant Skills

Information Security.

Anticipated Posting Close Date:

Aug 02, 2025

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi ( .

View Citi's EEO Policy Statement ( and the Know Your Rights ( poster.

Citi is an equal opportunity and affirmative action employer.

Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.