• Pursuing bachelor's degree or equivalent work experience

• Five + years of relevant/recent experience with Microsoft Windows Server, .NET Framework, IIS, and cybersecurity.
• Three + years of relevant/recent experience with Microsoft Office products.

• Current 8570/8140 requirement certification  

• Active Secret Clearance

• Serve as an OS technical specialist for assets connected to isolated & cloud environments, NIPRNet and SIPRNet, to support cybersecurity and IT services.
• Serve as technical specialist for assets connected to isolated environments to support cybersecurity and IT services. Review, identify, and report problems with the installation and operations of assets to include system options, software used and not used, default security controls that are enabled, disabled, or bypassed, and system wide options or parameters that may create security vulnerabilities. Determine the impact and risk of submitted change requests prior to implementation and participate in meetings to provide cyber oversight for OS changes that affect the level of risk. Recommend security countermeasures to mitigate identified risks.
• Determine the impact and risk of submitted change requests prior to implementation and participate in meetings to provide cyber oversight for changes that affect the level of risk.
• Recommend security countermeasures to mitigate identified risks.

• Identify, monitor, analyze, report, and brief status of all OS vulnerabilities to include, but not limited to, Windows, Unix, Mainframe, Network Devices, Cloud Technologies and Other.
• Ensure high risk and high severity vulnerabilities are managed with increased visibility and escalated.
• Analyze, validate, monitor, and report compliance status of DoD and DISA directives and orders.

• Analyze mission requirements and organizational feedback to improve vulnerability reports and processes.
• Provide recommendations for OS vulnerability analysis, guidance, deficiency resolution, and implementation suggestions to DISA customers and Mission Partners.

• Assess, audit, review, analyze, validate, and report OS, SRG, and STIG vulnerabilities, and ensure security controls are implemented within OS IAW DoD, DISA, and industry cybersecurity policies and procedures.
• Evaluate discrepancies as they relate to policy, orders and OS, SRG, and/or STIGs, and document recommended additions, deletions, or changes.
• Identify and report the need to add technical guidance for modification of policies and orders.
• Review and validate the installation and configuration of cyber tools on assets, and report deficiencies.
• Review OS, SRG, and/or STIGs as updates are released, and report changes with the potential to have significant impact.
• Participate in audits and provide documentation (up to daily).

Deliverables:

• Daily/weekly/monthly/quarterly/annual vulnerability analysis reports
• Also includes Deliverables that apply to all tasks listed in section 6, Performance Requirements.