JOB DUTIES AND RESPONSIBILITIES
· Leverage enterprise scanning applications or tools approved by the government in support of the Vulnerability Management Program.
· Provide routine and ad-hoc automated vulnerability scans, scans in support of audits, scan result analysis, and validation scans of remediated vulnerabilities identified during vulnerability assessments.
· Support vulnerability scans of information systems for on-premise and hybrid cloud systems, as necessary.
· Support scanning and testing at the application and database level and refine and mature scanning metrics and thresholds to improve program maturity.
· Normalize data and provide results to system owners, system administrators, and Information Systems Security Officers (ISSOs) in support of change requests, ongoing authorizations, or systems undergoing authorizations to operate.
· Analyze weekly DHS Cyber Hygiene reports, facilitate remediation of findings therein, and promote comprehensive scanning coverage of all Internet-reachable IT assets.
· Identify corrective actions, compensating controls, and assist with POA&M development in the government agency's GRC tool.
· Identify mitigations for non-compliance, notify stakeholders of compliance issues and, where required, perform these mitigations.
· Take into account any infrastructure challenges and make recommendations for improvements where needed. This includes third-party service provider hosted Software as a Service (SaaS) and Platform as a Service (PaaS) instances, as well as Infrastructure as a Service (IaaS).
· Provide expertise in the review of new vulnerability technologies and capabilities and interact with other technology divisions to facilitate deployment.
SUPERVISORY DUTIES
· This is a non-supervisory position.
QUALIFICATIONS
Required Certifications
· Current industry certification such as CASP, CAP, CISSP, CISM, GSEC, GMON, or Security+.
Education, Background, and Years of Experience
· Bachelor’s Degree in Computer Science, Computer Engineering, or Information Systems.
· 7 years of experience in Information Assurance (IA) or cybersecurity with at least 3 years of experience in vulnerability management.
ADDITIONAL SKILLS & QUALIFICATIONS
Required Skills
· Experience with vulnerability scanning applications, to include Qualys and DBProtect.
· Experience analyzing results, normalizing data, and communicating with broad IT/non-IT stakeholder groups.
· Experience with STIG compliance baselines.
· Experience with NIST 800-53 security controls and compliance frameworks, such as NIST CSF and NIST RMF.
· Excellent communication skills, including verbal and written.
· Strong presentation skills required.
Preferred Skills
· Experience with BurpSuite preferred.
· Experience facilitating and/or participating in risk acceptance reviews and approvals desired.