Vulnerability Engineer - Washington DC area - 4 days REMOTE, 1 day in office weekly!
Developing and maintaining policy and procedures for detecting, tracking, and resolving vulnerabilities.
Planning, implementing, configuring, maintaining, administering, and supporting VM tools for the detection and tracking of security vulnerabilities.
Conducting vulnerability scans of the client's systems, applications, and websites.
Identifying, researching and analyzing vulnerabilities to assess relevant threats and impact to the client, recommending corrective actions, collecting evidence to verify the vulnerability has been remediated, summarizing and presenting results, and prioritizing remediation of vulnerabilities.
Validating vulnerabilities with the use of Metasploit or other tools.
Responding to customer inquiries regarding vulnerability management.
Conducting training and education on cyber security threats, vulnerabilities, etc.
Troubleshooting vulnerability management issues.
Managing and addressing vulnerability requests submitted via the OCIO Help Desk.
Documenting and tracking changes within the VM infrastructure pertaining to but not limited to asset inventory, report scheduling, and scanning.
Coordinating with DHS as needed to perform vulnerability scans of the client's Internet-facing assets. Reviewing DHS scan reports and coordinating resolution of the vulnerabilities with the client's staff.
Monitoring US-CERT, SANS and other sources for vulnerability and threat information, analyzing and determining the scope of reported vulnerabilities, determining impact to the client's systems, developing recommendations to defend the Institution against these threats, and tracking and reporting on remediation activities.
Experience performing the full cycle of system Assessment and Accreditation (A&A) activities, with expertise as an ISSO for (or in assessing) General Support Systems (GSS).
Strong technical background with strong understanding of network architectures and communications, operating systems, web platforms, and databases.
Solid working knowledge of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).
Experience with Federal GRC tools (e.g., Archer, CSAM, Xacta) used for A&A.
Good writing, interpersonal and communication skills.
Experience developing and maintaining system security documentation, including but not limited to System Security Plans, Security Assessment Reports, Contingency Plans, and Interconnection Security Agreements.