Perform vulnerability analysis and management and data analysis for all enterprise and cloud enclaves. The contractor shall generate vulnerability data. Vulnerability data generation is completed via multiple NGA accepted vulnerability tools(software and hardware) used either remotely or locally on the systems to ensure compliance and to identify security holes, risks, threats and gaps as part of the overarching vulnerability management mission.
Constantly monitor, log, and track all NGA systems for vulnerabilities.
Certification and vulnerability data generation shall be run with minimal to zero impact on network and systems performance.
Conduct vulnerability analysis on each Enterprise network monthly for IAVM compliance and produce an IAVM compliance report.
Conduct analysis for network security compliance in accordance with DISA STIGs.
Provide on-site and/or remote testing in support of FISMA and CCRI through certification scans.
Experience in Assured Compliance Assessment Solution (ACAS) desired
EDUCATION & EXPERIENCE: