Vulnerability Management SME
Washington, DC

Job Description

Vulnerability Management SME

Key Role:

Lead a team of Cybersecurity analysts and demonstrate expert-level knowledge of the planning, development, coordination, implementation, and execution of a vulnerability management program within a federal organization. Serve as a lead technical security tester working in a dynamic client environment and maintain responsibility for managing teams of approximately 2 - 3 testers. Conduct compliance and vulnerability assessments on a broad range of systems, including mainframe, UNIX, Windows, networking, databases, virtual environments, applications, and Web servers. Use both manual and automated methodologies to identify, assess, and report security risks, prioritize findings based on risk, and document detailed corrective and remediation plans or actions. Apply in depth technical knowledge to interpret reports and communicate vulnerability statuses to subscribers. Lead an effort for risk remediation using Tenable SecurityCenter, including dashboard creation to coordination remediation efforts with system owners. Create customized Audit files for Tenable's Nessus product to be used to scan for compliance and vulnerability scans.

Basic Qualifications:

* 5+ years of experience with IT audits, including conducting technical security compliance tests and vulnerability assessments
* 3+ years of experience with developing or implementing risk management strategies
* 2+ years of experience in a lead or supervisory role
* Knowledge of NIST SP 800 series and testing NIST SP 800-53 security controls
* Experience with the planning, development, coordination, execution, and improvement of compliance- and vulnerability management-related processes
* Experience with Information Assurance Vulnerability Alerts from higher headquarters to ensure functional levels remain compliant
* Experience with configuring and conducting Nessus compliance scans
* Knowledge of scanning, patching, and data analytics technologies and industry best practices for vulnerability management, risk analysis, and vulnerability remediation plan development
* Ability to obtain a security clearance
* BA or BS degree

Additional Qualifications:

* Experience in communicating at a functional level with government leaders
* Experience in developing quality and accurate work products and communicating concisely with senior clients, including developing written reports
* Experience with the DoD ACAS
* Experience with data analytics and risk modeling
* Knowledge of various programming and computer languages, including Regular Expression and Python.
* Knowledge of Cybersecurity threats and techniques used by adversaries
* Ability to be detail-oriented and organized and plan and prioritize multiple tasks
* Ability to work independently and as part of a multi-disciplined, dynamic team
* Possession of excellent analytical, problem-solving, and interpersonal skills
* Possession of excellent oral and written communication skills
* BA or BS degree in Cybersecurity, IT, Forensics, or Computer Engineering preferred
* CISSP Certification preferred
* Tenable Certified Nessus Auditor (TCNA) Certification

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We're an EOE that empowers our people-no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic-to fearlessly drive change.