Vulnerability Analyst

Job Title: Vulnerability Analyst



Location: Pearl Harbor, HI



Eligibility: Candidate must have an active TS/SCI clearance



Job Description:



This position works directly for the PACAF Defensive Cyber Operations

and Mission Assurance Branch but works with various PACAF AOR personnel

to execute the following duties and responsibilities. The position shall

provide expert support, analysis and research into exceptionally complex

problems, and processes relating to PACAF Theater Vulnerability

Management.



Theater Vulnerability Analyst Requirements are as follows:



Item # Position Requirements



General Position Requirements



TS/SCI security clearance



DoD 8140, the DoD Cyber Workforce Manual Anyone (1) of the following: ☐

Advanced - CISM or CISSO or CPTE or CySA+ or FITSP-A or GCSA or CISA or

CISSP or CISSP-ISSEP or GSLC or GSNA or DoD 8570.1-M certified at IAT

Level 3 - Anyone (1) of the following: ☐ CASP+ CE ☐ CISA ☐ CISSP (or

Associate) ☐ CCSP



Have 2-3 years of experience and the skills required to execute Federal,

National, DoD, USAF CIO, and US State Department Requirements to be able

to assess cyber risk, identify mission sets, and defend the mission.



Have 2-3 years of experience of applying, assessing, and advising MAJCOM

staff and Wings on cybersecurity requirements.



Understand the AF Cyber architecture and PACAF MOBs and GSUs roles.



Ability to travel to PACAF MOBs and GSUs to conduct duties and

responsibilities -at a maximum up to 40% of the time.



Proficiency in Microsoft Office Suite products and SharePoint

collaborative tools.



Training highly preferred prior to starting; however, must have the

ability to obtain within 3 days of starting and maintain certificates of

completion for the following training: ☐ Level 1 Anti-Terrorist Training

- within the past year

https://jkodirect.jten.mil/html/COI.xhtml?course_prefix=JS&course_number=-

US007 ☐ Level A Survival, Evasion, Resistance, and Escape (SERE)

Training - within the past 1-2 years

https://jkodirect.jten.mil/html/COI.xhtml?course_prefix=J3T&course_number

=A-US1329 ☐ USFK Training - no time requirement (only required to be

taken once)

https://jkodirect.jten.mil/html/COI.xhtml?course_prefix=USFK&course_number=

-US171 ☐ DoD Cyber Awareness Challenge - within the past year

https://jkodirect.jten.mil/html/COI.xhtml?course_prefix=DOD&course_number=-

US1364-23 ☐ Operations Security (OPSEC) Awareness - within the past year

https://jkodirect.jten.mil/html/COI.xhtml?course_prefix=PAC&course_number=-

US017 ☐ Derivative Classification IF103.16 - within the past year

https://www.cdse.edu/Training/eLearning/IF103 ☐ Force Protection -

within the past year

https://lms-jets.cce.af.mil/moodle/enrol/index.php?id=12739 COR will

provide update website addresses to the above that may change.



Theater Vulnerability Analyst Requirements



Have 3-4 years of experience conducting Network Vulnerability

Engineering functions.



Expertise in the following DoD, AF, DISA, NIST, NIAP and PACAF

processes: ☐ 3-4 years of experience of DoD approved Scanning Tools

(e.g., ACAS) ☐ 3-4 years of experience of Microsoft SCCM & MECM ☐

Familiarization of End Point Security Point Product requirements ☐

Ability to analyze and develop cyber vulnerability information into an

understandable presentation. ☐ Proficiency in Microsoft Office Suite

products and SharePoint collaborative tools to build trend analysis. ☐

In-depth experience with DISA STIGs and by-product analysis.



Theater Vulnerability Analyst Skills, knowledge, and abilities are as

follow:



Item # Skill, Knowledge, or Ability



Ability to maintain view rights to SIPRNet and NIPRNet vulnerability

tools to analyze and compile data for leadership.



In-depth understanding of current vulnerability management practices and

processes, including scanning, patching, and metric reporting, with the

ability to stay updated on evolving tools, techniques, and industry

standards.



Knowledge and understanding of USAF Methods and Procedures Technical

Order (MPTO) 00-33-1109A, USCYBERCOM Computer Network Defense (CND),

Common Vulnerabilities and Exposures (CVE), Directives, Task Orders

(TASKORDs), Operational Orders (OPORDs), and Information Assurance

Vulnerability Management (IAVM) programs and a like.



Understanding of Host Base Security System (HBSS), Trelix, and Microsoft

Defender for Endpoint (MDE): ☐ How to produce asset lists to identify

devices capable of hosting an ESS agent. ☐ How to produce asset lists to

identify devices not capable of hosting an ESS agent (whitelists). ☐ Ho

to analyze client health status and courses of action to resolve

discrepancies.



Experience conducting discovery scans to identify unknown base assets.



Experience dissecting complex data sets, identify patterns, and draw

actionable conclusions to assess vulnerabilities and recommend

mitigation strategies



Experience maintaining scanning credentials to achieve 98% access rate

on base assets to include Program Management Office (PMO) systems IAW

ACAS BPG.



Experience conducting vulnerability scanning via ACAS/Tenable.sc on 100%

of assets during assigned scan schedule.



Ability to develop innovative solutions to mitigate identified

vulnerabilities, balancing resource constraints and operational needs.



Experience with email, and other collaboration platforms to include but

not limited to MS Teams group chats, MS SharePoint site, and VoIP/VTC

endpoints.



Proficiency with the latest Microsoft tool suite (i.e., PowerPoint,

Excel, Word, etc.).



Ability to lead collaboration efforts effectively across the PACAF AOR.



Ability to brief technical information to both technical and

non-technical audiences.



Experience briefing senior leaders and large audiences.



Excellent Communication skills (Written and Verbal)



Ability to Lead



An understanding of the organizational and functional layout of Pacific

Air Forces (PACAF) command structure within its Area of Responsibility

(AOR) to include Combatant Commands, Wings, Groups, Squadrons, tenant

units, GSUs and MOBs.



Proficiency time management



Proficiency in critical analysis, decision making and problem-solving.

Comprehensive understanding of DOD cybersecurity frameworks and policies

for identifying, analyzing, and prioritizing potential threats and

impact to theater and mission operations, and intel-based response

recommendations (i.e. MITRE Att&ck Framework, Cyber Threat Bulletins

(CTBs) NIST CSF, CJCSI 3020.45B & OPORD 8600.24, TASKORD 17-0106.)