Vulnerability Manager (Junior, Mid, Senior)

• Developing strategies to identify, manage, and mitigate identified threats and vulnerabilities to attain desired risk profile and communicate strategies to key stakeholders.
• Maintaining appropriate management reporting mechanisms to facilitate communication of the vulnerability management program state across multiple levels within the organization.
• Coordinating and collaborating with Senior Compliance Manager to correctly configure and operate the automated testing cybersecurity readiness platform.
• Improving Vulnerability Identification, Management and Remediation of any discovered vulnerability in accordance with SLAs.
• Working closely with both government and leads technology-oriented personnel to ensure adequate processes are in place and actions are being taken to mitigate identified risks proactively.
• Using various tools such as ServiceNow, Splunk, and Office Automation to perform vulnerability management duties.
• Performing technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (i.e., local computing environment, network and infrastructure, enclave boundary, and supporting infrastructure)
• Implementing and managing a POA&M process for remediation by creating a POA&M for each known vulnerability and security weakness.
• Providing a detailed vulnerability scan report of the results gathered from the initial aggregation of the patch management cycle.
• Collecting, aggregating, and reviewing Intrusion Detection System/Intrusion Prevention System (IDS)/IPS) security-relevant devices within the centralized Security Incident Event Management (SIEM) system.
• Developing vulnerability and security compliance procedures in accordance with agency policies and DHS requirements.
• Conducting vulnerability scanning and analysis continuously, in accordance with agency and other government directed requirements.
• Utilizing a Common Vulnerability Scoring System (CVSS) to assess, prioritize, mitigate, and remediate any discovered vulnerabilities and known exploited vulnerabilities (KEV), per SLAs.
• Responding to major incidents requiring coordination with different offices, divisions, or agencies.
• Managing the security vulnerabilities and risks across network including identifying, supporting application/system owners to manage risks and remediate vulnerabilities.

• U.S. Citizen; eligible for U.S. Secret Security Clearance.
• 6 years’ experience, or BS/BA with 2 – 11 years, or MS with 1 - 9 years, or PhD with 1 - 3 years of experience; four (4) years of experience can be substituted in lieu of a bachelor’s degree.
• Working knowledge of security tools, e.g., Qualys and Tenable Nessus to provide real-time view of IT assets, network security events, and consolidated vulnerability and compliance data.
• Knowledge of common information security management frameworks such as CIS Controls, ITIL, NIST or other leading frameworks.
• Knowledge of information security principles and practices to include, but not limited to, the following areas: Vulnerability Scanning; Security Information and Event Management; Host Based Security; Malware Prevention
• An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood and actionable manner.
• Hold any security related certification such as CISSP, CISA, SCA, CSAM, VMDR, Security+.

• Active Secret Security Clearance.
• Highly self-motivated and adaptable to learning and understanding new technologies.
• CISSP, SCA

Peraton