Critical Assets and Key Vulnerabilities Analyst
The Critical Assets and Key Vulnerabilities Analyst shall provide advice and expert guidance on security issues affecting business processes and procedures exploitable by insiders. These business processes and procedures include but are not limited to the electronic processing, transmittal, and storage of sensitive and classified information. What does a typical day look like for the Critical Assets and Key Vulnerabilities Analyst?Maintain a centralized database of corporate assets, including where they reside, the protections in place, and potential vulnerabilities.Perform regular threat cycle reviews, at least annually, to assess shifting or emerging threats and any associated vulnerabilities.Assess the most critical assets and/or those exhibiting high vulnerabilities.Coordinate with FBI entities to assess and mitigate key vulnerabilities.Ensure FBI Executive Management is informed of key vulnerabilities which could be exploited by insider threats.Ensure FBI Executive Management is informed of progress on mitigating key vulnerabilities.Communicate clearly and effectively, both orally and in writing.Prepare complete, clear, and concise formal and informal reports, correspondence, briefings, charts, tables and graphs.Identify the impacts and effects of study findings and make recommendations.Assess and improve the effectiveness of programs, complex management processes, systems, and procedures.What qualifications do you look for?A TS/SCI clearance.A bachelor's degree.5+ years of work experience in national security or security-related matters. Experience with assessing risks in business processes including those with IT systems; a critical thinker and solution finder for complex IT security situations and/or business processes vulnerable to insider threats. Experience with IT monitoring tools; configuration management;' managing or maintaining user accounts and system privileges; risk and vulnerability assessments; operation threat assessments. Knowledge of network protocols; network security; information assurance management; cybersecurity capability validations; automated vulnerability scanning tools.