Vulnerability Manager (Junior, Mid, Senior)
Peraton
- Washington DC
- $86,000-138,000 per year
- Permanent
- Full-time
- Developing strategies to identify, manage, and mitigate identified threats and vulnerabilities to attain desired risk profile and communicate strategies to key stakeholders.
- Maintaining appropriate management reporting mechanisms to facilitate communication of the vulnerability management program state across multiple levels within the organization.
- Coordinating and collaborating with Senior Compliance Manager to correctly configure and operate the automated testing cybersecurity readiness platform.
- Improving Vulnerability Identification, Management and Remediation of any discovered vulnerability in accordance with SLAs.
- Working closely with both government and leads technology-oriented personnel to ensure adequate processes are in place and actions are being taken to mitigate identified risks proactively.
- Using various tools such as ServiceNow, Splunk, and Office Automation to perform vulnerability management duties.
- Performing technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (i.e., local computing environment, network and infrastructure, enclave boundary, and supporting infrastructure)
- Implementing and managing a POA&M process for remediation by creating a POA&M for each known vulnerability and security weakness.
- Providing a detailed vulnerability scan report of the results gathered from the initial aggregation of the patch management cycle.
- Collecting, aggregating, and reviewing Intrusion Detection System/Intrusion Prevention System (IDS)/IPS) security-relevant devices within the centralized Security Incident Event Management (SIEM) system.
- Developing vulnerability and security compliance procedures in accordance with agency policies and DHS requirements.
- Conducting vulnerability scanning and analysis continuously, in accordance with agency and other government directed requirements.
- Utilizing a Common Vulnerability Scoring System (CVSS) to assess, prioritize, mitigate, and remediate any discovered vulnerabilities and known exploited vulnerabilities (KEV), per SLAs.
- Responding to major incidents requiring coordination with different offices, divisions, or agencies.
- Managing the security vulnerabilities and risks across network including identifying, supporting application/system owners to manage risks and remediate vulnerabilities.
- U.S. Citizen; eligible for U.S. Secret Security Clearance.
- 6 years’ experience, or BS/BA with 2 – 11 years, or MS with 1 - 9 years, or PhD with 1 - 3 years of experience; four (4) years of experience can be substituted in lieu of a bachelor’s degree.
- Working knowledge of security tools, e.g., Qualys and Tenable Nessus to provide real-time view of IT assets, network security events, and consolidated vulnerability and compliance data.
- Knowledge of common information security management frameworks such as CIS Controls, ITIL, NIST or other leading frameworks.
- Knowledge of information security principles and practices to include, but not limited to, the following areas: Vulnerability Scanning; Security Information and Event Management; Host Based Security; Malware Prevention
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood and actionable manner.
- Hold any security related certification such as CISSP, CISA, SCA, CSAM, VMDR, Security+.
- Active Secret Security Clearance.
- Highly self-motivated and adaptable to learning and understanding new technologies.
- CISSP, SCA