USNLX Diversity Jobs

TRIAEM, LLC ISSE (Vulnerability Management) in Rockville, Virginia

Job Description

As a senior member of the Vulnerability Management and Assessment Team (VMAT), you will be part of a fast-paced team functioning as a SME in Security Assessments and Engineering, supporting CISA in safeguarding systems and networks across multiple environments. You bring the following to the team.

  • Expertise in security engineering, system and network security, authentication and security protocols, cryptography, and application security

  • Experience using and deploying vulnerability scanning and testing tools such as Burp Suite, Rapid7 InsightVM, Tenable Nessus, WebInspect, Netsparker, DbProtect, AppDetective, Prisma Cloud, Core Impact, Microsoft Defender, AWS Security Hub, AWS Inspector, Code Dx, and similar platforms

  • Experience analyzing and testing vulnerabilities, establishing cause and impact, and identifying corrective actions to eliminate and prevent the event from happening in the future

  • Experience in vulnerability and assessment validations in various environments such as development, staging, and production

  • Experience using various cloud environments such as Amazon Web Services, Azure, and/or Google Cloud

  • Experience with system administration in Windows and/or Linux

  • Purple Team capabilities and expertise (Blue - defensive and Red - offensive)

  • Experience setting up and conducting extensive vulnerability and compliance assessment scans against a variety of unique target environments (e.g., development, staging, production, on-premise, cloud, and virtual)

  • Manage and maintain scans across host operating system, web, database, cloud, and application-specific platforms

  • Ability to identify DISA STIGs or best practices applicable for assessment and weekly scans

  • Ability to provide guidance and support regarding the remediation of vulnerability and compliance findings

Required Education, Experience, & Skills

Bachelor’s Degree with 7 years related experience including cloud security OR 10 total years of experience in Information Assurance and IT Security, including cloud security.

Obtain and maintain an IAT Level III baseline certification within 90 days of hire.

Your roles, skills, and activities will include the following.

  • Build out scan policies, active scan jobs, asset lists, credentials, and onboard assets for scanning

  • Conduct assessments and audits to identify weaknesses and security gaps

  • Conduct in-depth security validation assessment assignments in response to new deployments and significant changes to environments

  • Conduct quick security validation assessment assignments in response to the availability of a new audit file or a non-significant change to a pre-existing system

  • Identify, evaluate, validate, manage, test, and report on vulnerabilities

  • Provide solutions to gaps in security posture

  • Serve as a security SME across different domains

  • Build and deliver detailed reporting deliverables from scans and assessments to stakeholders

  • Respond to ad hoc requests and high-priority government tasks

  • Conduct discovery scanning and have awareness of IP CIDR ranges, ports, protocols, source, and destination distinctions

  • Deploy and maintain the latest approved DISA and commercially recognized audit files across FISMA systems

  • Perform manual assessment of DISA STIGs on systems undergoing assessment and audit

  • Support triaging efforts to determine root cause of detected issues or findings across various systems

  • Troubleshoot and provide corrective guidance for scan issues such as host configurations, credentials, network blocks, and scanner accessibility

  • Maintain target asset lists across all security tools ensuring alignment with system inventory

  • Validate false positive and true positive submissions by analysis and vetting of artifacts and justifications

  • Maintain and recommend improvements to security tools testing suite

  • Provide support during ATO, penetration tests, and other auditing efforts

  • Conduct risk analyses on CVEs, plugins, CWEs, KEVs, etc.

  • Perform weekly scanning of systems in continuous monitoring and provide accurate scan results

  • Build and maintain various tool-specific dashboards to support system vulnerability and compliance remediation efforts

  • Participate in Agile planning events as a representative of the VMAT team.

  • Conduct research, evaluation, and testing and provide technical input and recommendation regarding new security software and testing tools or devices for procurement

  • Provide expertise in implementation of technical security controls in government cloud environments (cloud security experience required)

Preferred Education, Experience, & Skills

Desired Certifications: CISSP, CCSP, CEH, AWS-SEC, MCASEA

Required Clearance: Secret

Work Locations: Sterling, VA; Rockville, MD; or Pensacola, FL
