Theater Vulnerability Analyst with Security Clearance

POSITION OVERVIEW We are looking for highly skilled Cybersecurity SMEs with PACAF MOB regional experience or knowledge to join our dynamic team based in Hawaii. If you have a strong background in cybersecurity, an in-depth understanding of PACAF environments, and the drive to lead in a mission-critical setting, we want you on our team. What You'll Do Cybersecurity Assurance & Compliance: Enhance and maintain PACAF cybersecurity by implementing cutting-edge controls following DoDI 8510.01 (RMF for DoD Systems) and other federal standards. Training & Mentorship: Share your expertise by mentoring cybersecurity teams at the Numbered Air Force (NAF) and Wing levels through our Cyberspace Readiness Review and Mentorship (CRR-M) program, ensuring teams are fully "cyber ready" for evolving threats. Operational Support: Play a key role in supporting PACAF Wings as they prepare for vital USCYBERCOM CORA and CCORI missions. Your deep regional knowledge will help secure both NIPRNet and SIPRNet networks. Data Management & Reporting: Keep our systems on track by updating and synchronizing cybersecurity data across essential Air Force and DISA repositories, and deliver detailed monthly progress reports. Vulnerability Management: Collaborate closely with PACAF vulnerability managers to proactively identify, manage, and mitigate potential security risks, reinforcing our overall cyber defense. Travel Opportunity: Based in Hawaii, you'll be traveling frequently throughout the PACAF region, ensuring direct, on-site support and integration with local teams. CORE EXPERIENCE REQUIREMENTS 2-3 years' experience in the following: Cybersecurity Execution: Executing Federal, National, DoD, USAF CIO, and US State Department requirements, including assessing cyber risks, identifying mission sets, and defending critical missions Advisory Expertise: Applying, assessing, and advising MAJCOM staff and Wings on cybersecurity requirements 3-4 year' experience in Theater Vulnerability Analyst Requirements to INCLUDE: Conducting Network Vulnerability Engineering Functions Expertise in DoD, AF, DISA, NIST, NIAP and PACAF processes DoD approved Scanning Tools (e.g., ACAS) Microsoft SCCM & MECM REQUIRED KSAs AF Cyber Architecture: Familiarity with AF Cyber architecture, including the roles of PACAF MOBs and GSUs. Endpoint Security: Familiar with endpoint security product requirements. Vulnerability Analysis: Capable of analyzing cyber vulnerabilities and presenting the findings clearly. Office & Collaboration Tools: Proficient with Microsoft Office and SharePoint for trend analysis; experienced with MS Teams, email, and VoIP. DISA STIGs Expertise: Extensive experience with DISA STIGs and by-product analysis. Data Analysis: Able to use SIPRNet and NIPRNet vulnerability tools to compile data for leadership. Vulnerability Management: Up-to-date on scanning, patching, and reporting metrics. Regulatory Knowledge: Understands USAF MPTO 00-33-1109A, USCYBERCOM CND Directives, Task Orders, Operational Orders, TCNO, and IAVM programs. HBSS/ePO Functions: Produces asset lists for devices with or without McAfee Agent capability. Conducts discovery scans to identify unknown assets. Analyzes scan results and recommends patching to improve cybersecurity. Maintains scanning credentials for high-accuracy asset analysis, including PMO systems. Vulnerability Scanning: Experienced in conducting full-scope scans via ACAS/Tenable.sc. Communication & Leadership: Organizes and presents vulnerability notifications and statuses. Excels in briefing technical information to both technical and non-technical audiences, including senior leaders. Demonstrates strong communication, leadership, problem-solving, time management, and critical thinking skills. Organizational Awareness: Familiar with PACAF structures and processes. MINIMUM QUALIFICATIONS: IAT III in 1 of the following: CASP+CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP Required Trainings (Completed or willing to complete upon start of work): Completed within the past year -Level 1 Anti-Terrorist Training -DoD Cyber Awareness Challenge -Operations Security (OPSEC) Awareness -Derivative Classification IF103.16 -Force Protection Level A Survival (completed within past 1-2 years) Evasion, Resistance, and Escape (SERE) Training USFK Training Active TS Clearance/SCI Valid Passport Bachelor's Degree in related field Based in Hawaii; Min 40% Travel to PACAF MOBs Candidate must be a U.S. Citizen and be authorized to work for the Federal government JOB RESPONSIBILITIES: Analyze PACAF AOR cybersecurity posture reports. Provide expert guidance and corrective action recommendations for PACAF cyber units. Collaborate with base cyber units and brief PACAF leadership on Wings' ability to run ACAS scans, mitigate issues via SCCM/MECM, and maintain DoD-mandated endpoint security products. Maintain proficiency with current and emerging endpoint security assessment tools. Assist the PACAF cyber field support team with vulnerability management. Coordinate and deliver vulnerability mentor training (virtual or on-site) to PACAF bases, and create training documentation. Work with cybersecurity technicians/ISSMs to keep compliance reports up-to-date. Track command-wide SCCM and MECM health status. Collaborate with vulnerability management teams to analyze scan results, identify patching issues, and report patching statuses to the chain of command. Analyze and produce weighted vulnerability indicator scores for NIPRNet and SIPRNet. Produce and distribute cybersecurity and vulnerability reports reflecting the current MAJCOM security posture. Use DISA CORA reports from the DISA J3 website on SIPRNet to advise cybersecurity staff on risk findings. Prepare and present command-wide cyber operations statuses to the PACAF Director of Air and Cyberspace Operations. Create and deliver PACAF compliance update briefs and assist in troubleshooting cybersecurity deficiencies. Assist in developing TASKORDs to enhance PACAF cybersecurity posture. Monitor the status of vulnerability management POAMs until completion, reporting at-risk items to PACAF leadership. Provide support to the CRR-M team as needed. Maintain comprehensive IP space and asset lists covering 100% of base assets. Manage the MAJCOM ACAS account (auditing for vulnerability metrics), the SIPRNet PROD account for SCCM/MECM patching analysis, the ELICSAR account for cybersecurity toolset awareness, and use the AFNET Compliance Tracker for monitoring CTOs, MTOs, and TCNOs related to vulnerability management. Serve as the government representative by managing contract personnel rosters and availability updates, contract invoices and funding expenses, monthly status reports, contractor NDAs, kick-off, close-out, and transition briefs, and contractor travel requirements. Monitor contract labor, events, workload, travel schedules, expenses, and program metrics for annual closeout.