This job posting is no longer active

Cyber Security Operations Analyst II (Vulnerability Management)

Location: VA Vienna - Headquarters Full/Part Time: Full-Time Regular/Temporary: Regular

Job Description


You have goals, dreams, hobbies and things you’re passionate about.

What’s Important to You Is Important to Us
We’re looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them—friends, family and passions. And we're looking for team members who are passionate about our mission—making a difference in military members' and their families' lives. Together, we can make it happen.

Don’t take our word for it.

  • FORTUNE 100 Best Companies to Work For®
  • Computerworld® Best Places to Work in IT
  • FORTUNE® Best Workplaces for Millennials
  • Forbes® America’s Best Employers
  • PEOPLE® Companies That Care


Basic Purpose

The Cybersecurity Analyst serves as a subject matter expert to the Vulnerability Assessment program within Navy Federal Credit Union’s Cybersecurity Operations Center, providing procedural expertise to the program. The analyst will work closely with other vulnerability assessment team members to identify threats and vulnerabilities to the organization. The Analyst will partner with additional teams within Navy Federal Credit Union to protect the Navy Federal brand, data, and IT assets from cyber-based threats.


• Expertise in conducting Vulnerability assessments including network, host, web application, wireless network using tools including Nessus, Rapid7 Nexpose, Qualys, Metasploit, Burp Suite, Fortify, Nmap, and HP Webinspect.
• Discover, identify, and track vulnerabilities to assess risks to NFCU information assets. This includes identifying vulnerability false positives and maintaining a vulnerability assessment schedule.
• Conduct Ad-Hoc Risk and Impact assessment of the vulnerabilities found during the scans.
• Provide and support efforts to maintain metrics which includes vulnerability remediation
• Measure the effectiveness of the credit union’s technology safeguards by performing tests to ensure they provide the intended level of protection
• Participate in execution of testing, red teaming, and enforcement of security standards and remediation tracking.
• Build and maintain relationships with other teams, business units, and stakeholders; regularly communicate status to key stakeholders
• Possess the ability to make decisions independently and prioritize assignments and workload
• Ensure staff, at all levels, consistently apply defined processes and procedures to established standards
• Escalate issues to management in a timely manner with appropriate information regarding risk and impact


• Experience in Information Security
• Experience conducting vulnerability assessments and penetration testing
• Expert-level understanding of / experience in the practical application of the vulnerability management lifecycle and associated best practices
• Experience with industry-standard vulnerability management tools, including but not limited: to Rapid7 Nexpose and Metasploit Pro, Nessus, Qualys, Burp Suite, Webinspect, and HP Fortify
• An understanding of the vulnerability identification, analysis, and scoring standard Common Vulnerability Scoring System (CVSS), as well as Common Vulnerabilities and Exposures (CVE)
• Demonstrated knowledge of information security programs and operations, data security practices and procedures, and risk identification/assessment
• Experience in conducting Risk and Impact assessment of identified vulnerabilities
• Experience in web application security testing including OWASP’s top ten
• Strong problem-solving and critical-thinking skills with the ability to diagnose and troubleshoot technical issues
• Working knowledge of general security concepts
• The ability to lead others, including senior leaders and other teams
• A strong desire for continuous process improvement and excellence
• Excellent verbal and written communication skills, including the ability to convey technical details in a clear and understandable manner to a variety of audiences
• Strong planning, time-management, and organizational skills


• Knowledge of industry standards and frameworks, including NIST,PCI,  ISO, OWASP, and COBIT
• Experience in  NIST continuous  monitoring and Continuous Diagnostics Mitigation process
• Previous experience within the financial sector
• Scripting and automation experience
• Possess GIAC (e.g., GCIH, GCIA, GCFA, etc.), CEH, OSCP, or comparable certifications.
• Experience with / understanding of different threats to an organization
• Experience with ServiceNow and/or other IT Asset Management tools

Hours: Monday - Friday, 8:00am - 4:30pm

Location: 820 Follin Lane, Vienna, VA 22180

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace.  Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans.  EOE/AA/M/F/Veteran/Disability


Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.