Job description
Vulnerability Manager - Other-Army
Diaconia is looking for a talented Vulnerability Manager - SME to join our amazing team!
If you're looking to join a company that truly appreciates you and your talents, look no further! At Diaconia, we are committed to serving and caring for our colleagues, our clients and our community.
Our team is made up of talented individuals who appreciate having the opportunity to contribute their knowledge and experience to further the growth and development of our industry.
Our ideal candidates embrace diverse thinking, enjoy partnering with others and are seeking to make a difference!
We are currently searching for a new, full-time member for our team for the position of:
Vulnerability Manager - SME
We are seeking an experienced Vulnerability Manager who has experience with vulnerability management across a large Enterprise with many locations and multiple networks.
The Vulnerability Manager (VMgr) will be responsible for working with large technical teams to scope, schedule, and remediate any vulnerabilities identified.
The VMgr will also be responsible for working with the cyber security policy teams to ensure updated and accurate vulnerability information is being logged and reported.
Job Responsibilities:
* Take the lead on reviewing vulnerability data from multiple sources (e.g. external / internal penetration testing, internal / external vulnerability scanning, etc.) across multiple technologies to determine remediation path and schedule.
* Actively partner with technology and tools teams to review vulnerabilities, plan remediation, monitor plan, schedule rescan, and report.
* Provide analysis and validation post remediation, opportunities for improvements and out-of-the-box thinking for optimizations and solving roadblocks.
* Develop vulnerability dashboard requirements that provide technical teams and program/Government leadership key data.
* Track and report status of vulnerabilities and their remediation on at least a weekly basis.
* Develop and manage program vulnerability management standard operating procedures and processes that meet the Government's vulnerability policies.
* Assist in ensuring scan results are presented in appropriate dashboards, reports, and forwarded to other data systems as necessary.
* Assist technical teams with the identification of baselines that will be subsequently scanned for compliance.
* Assist technical and security teams in the development of POA&Ms as needed for vulnerabilities that have/will miss criticality timeframe targets.
* Technically proficient in a multitude of areas including but not limited to: Linux, Windows workstations and servers, Microsoft SQL, VMware, Cisco network infrastructure.
* Assist in improving and automating the existing vulnerability management lifecycle, including but not limited to data ingestion & normalization, compliance metrics and detections on assets, composing reports and conducting briefings on the current posture of the Enterprise.
* Stay current with vulnerability information across all of the technologies within the Enterprise.
* Assist in working with the Business to effectively communicate the risks of identified vulnerabilities and provide input to recommendations regarding the selection of cost-effective security controls to mitigate identified risks.
* Schedule and/or perform recurring and on-demand vulnerability and compliance scanning activities of both on-premises and cloud environments utilizing enterprise platforms.
* Assist in interfacing with third-party vendors and other groups within the Enterprise to improve the overall security posture.
* Continuously investigate ways to improve the security posture within the Enterprise as it relates to vulnerability management.
Disclaimer: The responsibilities and duties outlined in this job description are intended to describe the general nature and level of work performed by employees within this role.
However, they are not exhaustive and may be subject to change or modification at any time to meet the evolving needs of the organization.
Minimum Qualifications:
* 5 years of related experience within professional services, vulnerability management, and compliance monitoring.
* US Citizenship required; Active Top Secret Clearance.
* Previous experience working in classified environments.
* Demonstrated experience leading cybersecurity vulnerability management to include: analysis, recommendation and assistance with remediation.
* Strong working knowledge of the Qualys scanning tool.
* Technical understanding of a variety of technical concepts with focus on cloud computing, automation, networking, systems administration (Windows and Linux), application development, and information security best practices.
* Experience in IT controls monitoring for regulatory and compliance requirements such as DISA STIGs and CIS.
IAT Level II Certification (minimum of 1 of the following):
* CCNA-Security
* CySA+ **
* GICSP
* GSEC
* Security+ CE
* CND
* SSCP
Education:
* Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent.
Professional Certifications:
* IT Security Certifications such as Certified Vulnerability Assessor (CVA), Certified Ethical Hacker (CEH), CIPP (Certified Information Privacy Professional), CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information System Auditor), CISSP (Certified Information Security Professional) or CISM (Certified Information Systems Manager) are a plus.
Preference may be given if you live in a Hubzone Area (go to to check your status) which is a United States Small Business Administration (SBA) program for small companies that operate and employ people in Historically Underutilized Business Zones (Hubzone).
Required Skill Profession
Computer Occupations