By Light Professional IT Services

  • Cyber Vulnerability Management Compliance Analyst (TS/SCI)

    Job Locations US-MD-Fort Meade
    # of Openings
    Information Technology
  • Overview

    By Light is hiring a Cyber Vulnerability Management Compliance Analyst to join our team supporting a DOD customer. This position will track vulnerability management operations and interface with Combatant Commands, Services, Agencies, and Field Activities (CC/S/A/FA) to compile statistics and generate reports on compliance levels.


    By Light provides a broad range of hardware, software, engineering, and IT integration services. Headquartered in Arlington, VA, we support defense, civilian, commercial, and health IT customers worldwide. We offer an excellent benefits package that includes: medical, dental, vision, life and disability insurance, paid time off, paid holidays, 401(k), and profit sharing.


    • Communicate (written and oral) with CC/S/A/FAs concerning cyber vulnerability management (CVM) compliance status including their current status, POA&M, technical requirements for their systems, policy and program details and changes.
    • Utilize a vulnerability management system and any follow-on systems to properly upload information, generate reports, and review POA&M for vulnerability compliance tracking.
    • Provide compliance information to the various DOD directorates to support operations. 
    • Compile vulnerability compliance reports and briefings associated with affected and non-affected DoD assets to produce weekly, monthly, and annual reports/matrix/metrics including, but not limited to monthly POA&M audits and watch lists.
    • Develop and provide technical review for CVM products including POA&M audits and incidents resulting from unmitigated vulnerabilities for Government review. 
    • Provide leadership with information on CVM compliance.
    • Develop, staff, and maintain accurate orders including but not limited to WARNORDs, OPORDs, TASKORDs, and FRAGOs.
    • Be knowledgeable of current and planned CVM technologies and perform duties related to the CVM Program, HBSS, Continuous Monitoring and other automated technologies.
    • Maintain CVM program, policy, and direct their implementation.


    • Previous tools experience working with ArcSight, Splunk, PCAP, JIMS or equivalent toolsets.
    • Technical understanding in some of the following areas: network communication using TCP/IP protocols, basic system administration, basic understanding of malware (malware communication installation, or malware types), or intermediate knowledge of computer network defense operations (proxy, firewall, IDS/IPS, router/switch, or open source information collection).
    • Experience in an Operations Center providing Senior Leaders specified reports based on information received from supporting units.
    • Have working knowledge of threat and vulnerability analysis, routing protocols, routing, intrusion detection systems, intrusion protection systems, Domain Name Service, or network traffic analysis.
    • Critical/logical thinking skills.
    • Experience working with the Intelligence Community and priority intelligence requirements.
    • Advanced communications and presentations skills (verbal and written) enabling precise conveyance of information across all CC/S/A/FA with command and proper enunciation of the English language.

    Preferred Qualifications

    • Currently possess DoD 8570 IAT Level II certification (Security+ or equivalent).
    • ITIL v3 Foundation certified.

    Special Requirements/Security Clearance

    • Current TS/SCI security clearance and eligible for C/I Polygraph.

    An Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities



    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed