Job title Vulnerability Management Lead
Location Hybrid 2 days Washington D.C.
Rate $60/hr on C2H ( $2 flexibility only )
Visa USC
Note Candidate must currently possess and be able to maintain a Pubic Trust High Min. clearance
JD
Job Duties
- Provide on-going support to the ISSO, ISSM, NCC, NSOC, NetOps, Server and Desktop Support teams to implement a Cyber Ready 365 posture.
- Lead and manage the overall public Disclosure program of vulnerabilities for the agency (VPD) per OMB mandates
- Identify and draft mitigation guidance for vulnerabilities with no-vendor provided remediation.
- Analyze publicly disclosed vulnerabilities of vendor software/hardware products and develop the mitigation/remediation orders.
- Compile daily, weekly, monthly and annual vulnerability metrics associated with affected and non-compliant DoD Assets.
- Utilize tracking tools/capabilities in a vulnerability management system to review manually uploaded and automated information from Federal agency component to report vulnerability orders and directives for compliance.
- Identify, analyze, and develop mitigation or remediation actions for system and network vulnerabilities.
- Develop, document, and convey operational requirements to enhance capabilities to identify, track, and remediate system and network vulnerabilities as well as automated vulnerability management capability.
- Monitor the progress of and collaborate with internal and external organizations to ensure IAVM operational requirements are fulfilled.
- Administer vulnerability mitigation and security activities to deliver 95% compliance for all messages, orders, and directives (e.g., 0 Day Threats, CISA Directives, DHS Notifications, CVE/CVSS Critical)..
- Configure, manage, operate and maintain assigned instances of automated vulnerability management systems (e.g., Tanium, Extra Hop, 0365 GPOs, Microsoft's System Center Configuration Manager (SCCM), MS Purview, Tanium Automated Remediation and Asset Discovery, Patch Management)
- Build, configure, and deploy vulnerability remediation packages for automated vulnerability management systems (e.g., Tanium), when not available.
- C* Manage vulnerability detection, assessment, and analysis.
- Ensure agency infrastructure and critical environment are properly maintained and in compliance by enforcing and driving Network Operations, Engineering, AppDev teams to complete required efforts.
- Manage vulnerability remediation and provide oversite for vulnerability mitigation and security activities.
- Conduct vulnerability management for UNIX and/or Windows systems.
- Coordinate vulnerability management actions and POA&M actions with system owners.
- The Vulnerability and Management Lead works directly with the Information System Security Officer (ISSO) and Information System Security Manager (ISSM), NetOps groups, Cyber Leadership, CIO leadership, Application Development and Engineering teams to to implement a Cyber Ready 365 posture.
- The Vulnerability Management Lead is a key contributor in the Cyberspace focused boards, bureaus, centers, cells, and working groups (e.g., Vulnerability Management Core)
- The Vulnerability and Management Lead shall maintain communications and coordination between internal and external service providers in order to maintain situational awareness when required
- Required to be onsite in DC 2 days a week Min (Possible 3 days)
Qualifications
TYPICAL EDUCATION AND EXPERIENCE:
- Bachelors and five (5) years or more experience; Tanium Experience hands-on, RBD understanding, Executive Presentation, Articulation/Communication Skills, Confidence, Multi-Tasking, Time Management