Today
Secret
Mid Level Career (5+ yrs experience)
$150,000 and above
No Traveling
IT - Security
Job Description
As a senior member of the Vulnerability Management and Assessment Team (VMAT), you will be part of a fast-paced team functioning as a SME in Security Assessments and Engineering, supporting CISA in safeguarding systems and networks across multiple environments. You bring the following to the team.
Expertise in security engineering, system and network security, authentication and security protocols, cryptography, and application security
Experience using and deploying vulnerability scanning and testing tools such as Burp suite, Rapid7 InsightVM, Tenable Nessus, Web Inspect, Net Sparker, DB Protect, App Detective, Prisma Cloud, Core Impact, Microsoft Defender, AWS Security Hub, AWS Inspector, Code DX and similar platforms
Experience analyzing and testing vulnerabilities, establishing cause and impact, and identifying corrective actions to eliminate and prevent the event from happening in the future
Experience in vulnerability and assessment validations in various environments such as development, staging, and production
Experience using various cloud environments such as Amazon Web Services, Azure, and/or Google Cloud
Experience with system administration in Windows and/or Linux
Purple Team capabilities and expertise (Blue - defensive and Red - offensive)
Experience setting up and conducting extensive vulnerability and compliance assessment scans against a variety of unique target environments (e.g., development, staging, production, on-premise, cloud, and virtual)
Manage and maintain scans across host operating system, web, database, cloud, and application-specific platforms
Ability to identify DISA STIGs or best practices applicable for assessment and weekly scans
Ability to provide guidance and support regarding the remediation of vulnerability and compliance findings
Required Education, Experience, & Skills
Bachelor’s Degree with 7 years related experience including cloud security
OR
10 total years of experience in Information Assurance, and IT Security including cloud security.
Obtain and maintaining an IAT Level III baseline certification within (90) days of hire.
Your roles, skills, and activities will include the following.
Build out scan policies, active scan jobs, asset lists, credentials, and onboard assets for scanning
Conduct assessments and audits to identify weaknesses and security gaps
Conduct in-depth security validation assessment assignments in response to new deployments and significant changes to environments
Conduct quick security validation assessment assignments in response to availability of new audit file or non-significant change to a pre-existing system
Identify, evaluate, validate, manage, test, and report on vulnerabilities
Provide solutions to gaps in security posture
Serve as a security SME across different domains
Build and deliver detailed reporting deliverables from scans and assessments to stakeholders
Respond to ad hoc requests and high-priority government tasks
Conduct discovery scanning and have awareness of IP CIDR ranges, ports, protocols, source, and destination distinctions
Deploy and maintain the latest approved DISA and commercially recognized audit files across FISMA systems
Perform manual assessment of DISA STIGs on systems undergoing assessment and audit
Support triaging efforts to determine root cause of detected issues or findings across various systems
Troubleshoot and provide corrective guidance for scan issues such as host configurations, credentials, network blocks, and scanner accessibility
Maintain target asset lists across all security tools ensuring alignment with system inventory
Validate false positive and true positive submissions?by analysis and vetting of artifacts and justifications
Maintain and recommend improvements to security tools testing suite
Provide support during ATO, penetration tests, and other auditing efforts
Conduct risk analyses on CVEs, plugins, CWEs, KEVs, etc.
Perform weekly scanning of systems in continuous monitoring and provide accurate scan results
Build and maintain various tool-specific dashboards to support system vulnerability and compliance remediation efforts
Participate in Agile planning events as a representative of the VMAT team.
Conduct research, evaluation, and testing and provide technical input and recommendation regarding new security software and testing tools or devices for procurement
Provide expertise in implementation of technical security controls in government cloud environments (cloud security experience required)
Preferred Education, Experience, & Skills
Desired Certifications: CISSP, CCSP, CEH, AWS-SEC, MCASEA
As a senior member of the Vulnerability Management and Assessment Team (VMAT), you will be part of a fast-paced team functioning as a SME in Security Assessments and Engineering, supporting CISA in safeguarding systems and networks across multiple environments. You bring the following to the team.
Expertise in security engineering, system and network security, authentication and security protocols, cryptography, and application security
Experience using and deploying vulnerability scanning and testing tools such as Burp suite, Rapid7 InsightVM, Tenable Nessus, Web Inspect, Net Sparker, DB Protect, App Detective, Prisma Cloud, Core Impact, Microsoft Defender, AWS Security Hub, AWS Inspector, Code DX and similar platforms
Experience analyzing and testing vulnerabilities, establishing cause and impact, and identifying corrective actions to eliminate and prevent the event from happening in the future
Experience in vulnerability and assessment validations in various environments such as development, staging, and production
Experience using various cloud environments such as Amazon Web Services, Azure, and/or Google Cloud
Experience with system administration in Windows and/or Linux
Purple Team capabilities and expertise (Blue - defensive and Red - offensive)
Experience setting up and conducting extensive vulnerability and compliance assessment scans against a variety of unique target environments (e.g., development, staging, production, on-premise, cloud, and virtual)
Manage and maintain scans across host operating system, web, database, cloud, and application-specific platforms
Ability to identify DISA STIGs or best practices applicable for assessment and weekly scans
Ability to provide guidance and support regarding the remediation of vulnerability and compliance findings
Required Education, Experience, & Skills
Bachelor’s Degree with 7 years related experience including cloud security
OR
10 total years of experience in Information Assurance, and IT Security including cloud security.
Obtain and maintaining an IAT Level III baseline certification within (90) days of hire.
Your roles, skills, and activities will include the following.
Build out scan policies, active scan jobs, asset lists, credentials, and onboard assets for scanning
Conduct assessments and audits to identify weaknesses and security gaps
Conduct in-depth security validation assessment assignments in response to new deployments and significant changes to environments
Conduct quick security validation assessment assignments in response to availability of new audit file or non-significant change to a pre-existing system
Identify, evaluate, validate, manage, test, and report on vulnerabilities
Provide solutions to gaps in security posture
Serve as a security SME across different domains
Build and deliver detailed reporting deliverables from scans and assessments to stakeholders
Respond to ad hoc requests and high-priority government tasks
Conduct discovery scanning and have awareness of IP CIDR ranges, ports, protocols, source, and destination distinctions
Deploy and maintain the latest approved DISA and commercially recognized audit files across FISMA systems
Perform manual assessment of DISA STIGs on systems undergoing assessment and audit
Support triaging efforts to determine root cause of detected issues or findings across various systems
Troubleshoot and provide corrective guidance for scan issues such as host configurations, credentials, network blocks, and scanner accessibility
Maintain target asset lists across all security tools ensuring alignment with system inventory
Validate false positive and true positive submissions?by analysis and vetting of artifacts and justifications
Maintain and recommend improvements to security tools testing suite
Provide support during ATO, penetration tests, and other auditing efforts
Conduct risk analyses on CVEs, plugins, CWEs, KEVs, etc.
Perform weekly scanning of systems in continuous monitoring and provide accurate scan results
Build and maintain various tool-specific dashboards to support system vulnerability and compliance remediation efforts
Participate in Agile planning events as a representative of the VMAT team.
Conduct research, evaluation, and testing and provide technical input and recommendation regarding new security software and testing tools or devices for procurement
Provide expertise in implementation of technical security controls in government cloud environments (cloud security experience required)
Preferred Education, Experience, & Skills
Desired Certifications: CISSP, CCSP, CEH, AWS-SEC, MCASEA
group id: apexsan
