Vulnerability Management Lead, Washington, DC
Our client is seeking a Vulnerability Management Lead for a contract to hire opportunity in Washington, DC.
US Citizenship due to government requirements.
Clearance: Public Trust Background investigation required.
- Designs and develops new systems, applications, and solutions for external customer's enterprise-wide cyber systems and networks.
- Ensures system security needs established and maintained for operations development, security requirements definition, security risk assessment, systems analysis, systems design, security test and evaluation, certification and accreditation, systems hardening, vulnerability testing and scanning, incident response, disaster recovery, and business continuity planning and provides analytical support for security policy development and analysis.
- Integrates new architectural features into existing infrastructures, designs cyber security architectural artifacts, provides architectural analysis of cyber security features, and relates existing system to future needs and trends, provides engineering recommendations, and resolves integration and testing issues.
- Help to define, implement, and manage Vulnerability Management Program through the identification and analysis of known and newly found vulnerabilities to determine their operational and security impact.
- Address vulnerabilities found through remediation recommendations, vulnerability alerts and vulnerability bulletins.
- This task area requires technical knowledge in computer network theory, IT standards and protocols, as well as an understanding of the lifecycle of cyberspace threats, attack vectors, and methods of exploitation.
- May interface with external entities including law enforcement, intelligence and other government organizations and agencies.
- Perform scheduled and planned and ad-hoc vulnerability scanning, determine remediation options and track remediation to completion.
- Perform and automate both vulnerability and compliance scans using industry-standard vulnerability scanning software.
- Develop remediation and mitigation guidance to include vendor-supplied remediations, mitigating actions to reduce risk, and actions to address vulnerabilities.
- Provide technical leadership to the vulnerability management program, including developing and managing remediation activities.
- Assist with the development and implementation of strategies to enhance and mature the vulnerability management program.
- Lead efforts in providing responses to quarterly FISMA reports.
- Track and provide vulnerability metrics and compliance.
- Provide oversight for the remediation of vulnerabilities on the internal team’s servers.
- Create, maintain, and mature vulnerability management standard operating procedures (SOPs) and associated documentation.
- Create and track and provide status of plan of actions and milestones (POAMs) from submission through remediation.
- Analyze and help prioritize vulnerabilities to help the business understand the security impacts.
- Collaborates with end users, infrastructure support teams and other contractors to define and measure security policy and standards across the customer’s environment.
- Inspires and fosters confidence in others with ability to effectively communicate with various customer communities to understand their needs and provide them guidance on how to best protect them through your observations and recommendations.
- Interfaces directly with the government customer’s technical security teams to collect, integrate, interpret, and report using various tools to demonstrate risk, and advise stakeholders on a course of action.
- Maintain documentation repositories related to vulnerability management for use by internal staff and technical stakeholders.
- Provides guidance to the Event Detection and Incident Response efforts through policy development and identification of weaknesses in the program.
- Supports the customer’s business activities related risk identification and measurement systems within various technical and usage boundaries.
Bachelor’s Degree in Business, Engineering, Computer Science, Information Systems, or Social Science or minimum 7 years of experience in lieu of degree.
- Minimum of seven (7) years of IT knowledge and demonstrated hands-on experience in cyber security.
- Experience working with cross-functional teams (i.e., engineering, operations, and cybersecurity).
- CISSP – required
- ITIL Foundations Certification (v3/v4), or ability to obtain certification within 3 months.
You will support the security operations related to the following areas:
- Knowledgeable and deep understanding of vulnerability and risk management.
- Strong verbal and written communication skills required, and problem-solving ability.
- Experience with Tenable.sc/Nessus vulnerability scanning and reporting.
- Ability to articulate raw vulnerability and audit data into executive reports.
- Experience with BigFix or equivalent patch management software.
- Understanding of Splunk or equivalent SEIM / Log Aggregation tool.
- Familiar with attack and exploitation techniques involving operating systems, applications, and devices.
- Experience in configuration management with STIG/SCAP compliance baselines for windows, mac, Linux.
- Knowledgeable of NIST SP 800-53 security and privacy controls.
- Knowledgeable of FISMA reporting requirements.
- Experience with CSAM or equivalent security assessment reporting tool.
- Experience with Incident Response Team (IR/IRT) troubleshooting, root cause analysis and remediation verification.
- Ability to successfully accomplish tasks with minimal oversight and management.
- Familiar with FedRAMP for IaaS, PaaS, SaaS.
- Knowledgeable of Identity Management, ICAM/IDAM and authorization, least privilege, and reducing unauthorized elevated access.
- Understanding of Firewalls to include basic networking, sub-netting, IDS, NAT, ACL's.
- Only those individuals selected for an interview will be contacted.
- No calls, inquiries, or Third Party Vendors please.
- We are an equal opportunity employer (Unable to sponsor H1B Visas).
- $1000 Referral Bonus - www.aci.com.
Since 1988, The ACI Group, a Baltimore-based IT staffing firm, has been committed to hiring the industry’s leading professionals, and presenting exciting career opportunities. We have access to varied types of contract, permanent and contract-to-perm positions and offer a choice of employment options including a full benefits package.
Submit your resume for this job