Vulnerability Manager #4656
- US-Remote Employee Location
- Information Technology
Company Overview
GovCIO is a team of transformers – people who are passionate about transforming government I.T. We believe in making a difference by developing digital strategies and delivering the technology-related innovation that improves governmental operations each day.
But we can’t do it alone. We welcome and nurture an inclusive and diversified work culture. Because different backgrounds, experiences, abilities, and perspectives make us better decision-makers, problem solvers, and creators. We’re changing the face of I.T. – from our diverse staff to the end-products we develop. And we’re excited to expand our team. Are you ready to be a transformer?
We are seeking an experienced Vulnerability Manager who has experience with vulnerability management across a large Enterprise with many locations and multiple networks. The Vulnerability Manager (VMgr) will be responsible for working with large technical teams to scope, schedule, and remediate any vulnerabilities identified. The VMgr will also be responsible for working with the cyber security policy teams to ensure updated and accurate vulnerability information is being logged and reported.
Responsibilities
- Take the lead on reviewing vulnerability data from multiple sources (e.g., external / internal penetration testing, internal / external vulnerability scanning, etc.) across multiple technologies to determine remediation path and schedule.
- Actively partner with technology and tools teams to review vulnerabilities, plan remediation, monitor plan, schedule rescan, and report.
- Provide analysis and validation post-remediation, identify opportunities for improvement, and apply out-of-the-box thinking to optimizations and to solving roadblocks.
- Develop vulnerability dashboard requirements that provide technical teams and program/Government leadership with key data.
- Track and report status of vulnerabilities and their remediation on at least a weekly basis.
- Develop and manage program vulnerability management standard operating procedures and processes that meet the Government’s vulnerability policies.
- Assist in ensuring scan results are presented in appropriate dashboards, reports, and forwarded to other data systems as necessary.
- Assist technical teams with the identification of baselines that will be subsequently scanned for compliance.
- Assist technical and security teams in the development of POA&Ms as needed for vulnerabilities that have missed or will miss criticality timeframe targets.
- Technically proficient in a multitude of areas including but not limited to: Linux, Windows workstations and servers, Microsoft SQL, VMware, Cisco network infrastructure.
- Assist in improving and automating the existing vulnerability management lifecycle, including but not limited to data ingestion and normalization, compliance metrics and detections on assets, composing reports, and conducting briefings on the current posture of the Enterprise.
- Stay current with vulnerability information across all of the technologies within the Enterprise.
- Assist in working with the Business to effectively communicate the risks of identified vulnerabilities and provide input to recommendations regarding the selection of cost-effective security controls to mitigate identified risks.
- Schedule and/or perform recurring and on-demand vulnerability and compliance scanning activities of both on-premises and cloud environments utilizing enterprise platforms.
- Assist in interfacing with third-party vendors and other groups within the Enterprise to improve the overall security posture.
- Continuously investigate ways to improve the security posture within the Enterprise as it relates to vulnerability management.
Minimum Qualifications
- Bachelor’s with 8+ years (or commensurate experience)
- 5 years of related experience within professional services, vulnerability management, and compliance monitoring.
- Previous experience working in classified environments.
- Demonstrated experience leading cybersecurity vulnerability management to include: analysis, recommendation and assistance with remediation.
- Strong working knowledge of the Qualys scanning tool.
- Technical understanding of a variety of technical concepts with focus on cloud computing, automation, networking, systems administration (Windows and Linux), application development, and information security best practices.
- Experience in IT controls monitoring for regulatory and compliance requirements such as DISA STIGs and CIS.
Position can be 100% remote; however, candidates living in the DC Metropolitan area are highly preferred.
Education
- Bachelor’s degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent
Professional Certifications
- IT Security Certifications such as Certified Vulnerability Assessor (CVA), Certified Ethical Hacker (CEH), CIPP (Certified Information Privacy Professional), CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information System Auditor), CISSP (Certified Information Security Professional) or CISM (Certified Information Systems Manager) are a plus.
COVID Policy: New employees will be required to adhere to the Company’s and its clients’ COVID-19 safety procedures. In the event that the COVID-19 vaccination mandate for Federal Contractors is enforced, you must become fully vaccinated or request and be approved for an exemption. Employees working onsite at a client location must comply with our client’s COVID-19 requirements.
GovCIO is a team of professionals who want to make a difference. And that can only happen with a diverse, happy, and cared-for team. So, we prioritize your well-being, equity for all and look for ways to make work a better place for each of us every day.
We are an Equal Opportunity Employer. All qualified applicants receive consideration for employment without regard to race, ethnicity, religious affiliation, gender, gender identity or expression, sexual orientation, national origin, or disability status. EOE AA M/F/Vet/Disabled
Compensation Range (in compliance with Colorado's Equal Pay for Equal Work Act for remote positions or positions located in CO)
$140,000-160,000
