NOVA Corporation is 100% tribally owned by the Navajo Nation.
NOVA Corporation is dedicated to providing outstanding services to its customers and employees. Our strength is in our ability to understand our clients' needs and deliver a solution that will not only meet those needs but exceed their expectations.
NOVA Corporation strives to be innovative in all areas of business and is committed to technical excellence. Our corporate offices are located on the Navajo Nation reservation in Window Rock, Arizona; Chambersburg, Pennsylvania; Albuquerque, New Mexico; and Columbia, Maryland.
NOVA Corporation provides unique, custom solutions to meet our customers’ communications needs. Our solutions provide communication capabilities using modern technology. At their most complex, they are multi-purpose systems that gather information from dozens of different sources. The information is presented to decision makers immediately, visually, clearly.
NOVA Corporation will accommodate individuals with disabilities that need assistance applying for open positions.
NOVA Corporation is an equal opportunity/affirmative action employer subject to the Navajo Preference in Employment Act.
Under general technical supervision, performs network vulnerability scanning using ACAS, vulnerability analysis, and vulnerability reporting in accordance with the provisions of DoD, DISA, and NIST policies, directives, and guidelines. The associated duties may include, but are not limited to, the following:
• Supports potential security violations and/or incidents by providing vulnerability scan results against target machines.
• Supervises the installation, monitoring, testing, troubleshooting, and administration of the Nessus application.
• Provides target system configuration guidance to customers to ensure successful vulnerability scans.
• Diagnoses and resolves ACAS vulnerability scanning credential failures, false positives, scanning issues, and reporting issues.
• Conducts vulnerability scans, reports, asset creation/modification, and policy creation/modification using ACAS Security Center.
• Comfortable with the Security Center user and administrator interface.
• Creates assets, policies, user accounts, groups, scheduled scans and reports using Security Center.
• Creates scan zones, adds Nessus Servers, and shares/modifies objects using Security Center.
• Ensures Security Center configurations are compliant with DISA Best Practices.
• Conducts vulnerability analysis on Common Vulnerabilities and Exposures (CVEs) to determine if they are applicable to DISA's assets, the impact, the severity, and mitigation techniques.
• Uploads applicable DISA STIG benchmarks to Security Center(s) on a quarterly basis.
• Responsible for performing scheduled and ad hoc vulnerability scans to support planned and upcoming security events (ATOs, site security visits, CCRIs, etc.).
• Conducts analysis across Security Center(s) to determine the current open vulnerabilities, credentials failures, total hosts scanned, and total scans run during a defined frequency.
• Performs daily network vulnerability scanning actions, provides data analysis to stakeholders, and generates technical and executive summary reports.
• Apply knowledge of information security services/analysis concepts, practices and procedures as they relate to vulnerability scanning.
• Conduct analyses of existing ACAS implementations to incorporate requested enhancements.
• Review/analyze requested changes to scans, assets, and credentials, which may impact existing configurations.
• Research current cyber events and/or intrusions for impact to Agency systems.
• Provide input into the design, deployment, and implementation of enterprise vulnerability scanning tools (Security Center and Nessus Server).
• Develop SOPs and other technical documentation IAW current government policy.
• Prepare/conduct acceptance test plans and confirm accompanying results, including the development of vulnerability assessments and functionality.
• Conduct briefings to senior leadership as required by the government.
• Experience with DoD 8510 (DIACAP and RMF), DoD 6510 and 8500 series instructions, and NIST 800 series guidance
• Basic knowledge of common Operating Systems to include Windows 7/10, Unix, Windows Server 2008/2012, Cisco Routers, Firewalls, Proxies, and Switches
• Basic knowledge of DoD PKI/PKE implementation and related governing policies
• Experience with COTS & GOTS network scanning tools: Tenable Nessus, Tenable Security Center, CMRS, Tenable Nessus Agent/Manager, Tenable Passive Vulnerability Scanner
• Experience with web application scanning and reporting tools (Burp Suite)
• Experience with incident management tracking and reporting tools (ITSM)
• Experience with IAVMs, DISA STIGs, POA&Ms, and related Federal/DoD policies and regulations
DoDM 8140-01 (old 8570-01M) IAT Level II certification (CompTIA Security+, CASP, C|EH, or similar)
DoDM 8140.01 (old 8570-01M) IAT Level III certification (CISSP, CISA, or similar)
*MUST BE A U.S. CITIZEN WITH AN ACTIVE TOP SECRET/SSBI CLEARANCE!*
Education: Bachelor’s Degree in computer sciences, information security, or related fields
Experience: Minimum 3-5 years relevant experience, with 1-3 years direct ACAS experience