Jacobs Jobs

Job Information

Jacobs Vulnerability Assessment Analyst (VAA), Advanced (Tier 3) - TS/SCI in Columbia, Maryland

Your Impact:

Jacobs is seeking a Vulnerability Assessment Analyst (VAA) Advanced for a prime contract that is based out of a Columbia, MD office. As VAA Advanced, you will serve on a team that is responsible for the Authorization and Assessment process under the Risk Management Framework (RMF) for new and existing information systems and will be expected to contribute technically for all assigned systems going for an Authority to Operate.

The work environment is fast-paced and sometimes involves deadline pressures. The nature of the work requires a high degree of teamwork and cooperation with other members of the staff as well as individuals across the Company and Customers. Our program includes easily available process information and support from others with similar positions across the team.

Plans, coordinates, and integrates all systems engineering tasks adhering to a disciplined systems engineering process throughout all acquisition phases of the assigned subsystem, system or system of systems and approve ATO/IATOs.

Will have the opportunity to work across multiple domains, learning new Cybersecurity tools and techniques to enhance your technical skillset. This is an opportunity to work hand-in-hand with the customer in an exciting and dynamic program.


  • The VAA Tier 3 will be working within a small and dynamic team to manage the technical components of authorizations of multiple systems and networks of various size and complexity. The team will be focused on ensuring ATO compliance for various classified systems. Additionally, the VAA will be performing several cybersecurity functions to support the organization to include the following:

  • Site Surveys and Interface Technologies

  • Vulnerability Assessments, Penetration Testing, and Continuous Monitoring

  • Risk Management Framework Services, Certification and Accreditation (RMF CA) support

  • Policy Refinement

  • Incident Response and Forensic Analysis

  • Compliance Review and Oversight Inspections

  • Cyber Security Training and Product Development


Here’s what you’ll need :

  • Experience in cybersecurity within Intelligence Community and/or DoD Assessment and Authorization processes.

  • The VAA must have experience in the following:

  • Evaluating information system security architecture for functionality and efficacy.

  • Assessing information system threats based on government and open source data.

  • Teaming with Program Office IT personnel to advise, implement, and oversee the CIO’s vulnerability management program.

  • Developing and maintaining the following documents and providing relevant input to Authorizing Officials (AO) and/or their designee

  • Status of Plans of Actions and Milestones (POA&Ms)

  • Security Controls Traceability Matrices (SCTMs)

  • Risk Assessment Reports (RARs)

  • Information System Security Concepts of Operations (ISS CONOPs)

  • Security control assessment test plans

  • Engaging as a member of an Incident Response Team (IRT):

  • Managing, monitoring, and reviewing security monitoring data feeds for anomalies

  • Coordinating inquiries, threat analysis, containment and eradication with the Security Operations Center (SOC)

  • Developing after-action reports for Program Security Officer (PSO) and AO reporting.

  • Representing Program Office as a liaison with the software application services developers to validate the scope, objectives, and approach to cybersecurity requirements’ fulfillment.

  • Representing CSU as a liaison with PSOs in the assessment of government and Industry partners’ compliance with cybersecurity policy.

  • Applying tile Risk Management Framework as required by DoDM 5205.07 Volume 1, ICD 503, and C-NSSI 1253 to the Program Office’s information systems based on community of interest trends and mission sensitivity.

  • Defining, organizing, and leading delivery of cybersecurity education and training

  • Liaising to Community organizations for the purpose of:

  • Exchange of techniques, tradecraft, and practices related to the execution of a cybersecurity program

  • Developing community guidance on cybersecurity best practices.

  • Strengthening the Program Office’s standing within the cybersecurity community

  • Clearance Required: Active TS/SCI Minimum Education: N/AMinimum Years of Experience: Eight (8) years of related work experience


Jacobs is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, religion, creed, color, national origin, ancestry, sex (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, medical condition, marital or domestic partner status, sexual orientation, gender, gender identity, gender expression and transgender status, mental disability or physical disability, genetic information, military or veteran status, citizenship, low-income status or any other status or characteristic protected by applicable law. Learn more about your rights under Federal EEO laws and supplemental language.