Vulnerability Management Lead

JOB DESCRIPTION:
- Provide ongoing support to the ISSO, ISSM, NCC, Server and Desktop Support teams to implement a Cyber Ready 365 posture.
- Identify and draft mitigation guidance for vulnerabilities with no vendor-provided remediation.
- Analyze publicly disclosed vulnerabilities of vendor software/hardware products and develop the mitigation/remediation orders.
- Compile daily, weekly, monthly and annual vulnerability metrics associated with affected and non-compliant DoD Assets.
- Utilize tracking tools/capabilities in a vulnerability management system to review manually uploaded and automated information from DoD components to report vulnerability orders and directives for compliance.
- Identify, analyze, and develop mitigation or remediation actions for system and network vulnerabilities.
- Develop, document, and convey IAVM operational requirements to enhance capabilities to identify, track, and remediate system and network vulnerabilities as well as automated vulnerability management capability.
- Monitor the progress of and collaborate with internal and external organizations to ensure IAVM operational requirements are fulfilled.
- Administer vulnerability mitigation and security activities to deliver 95% compliance for all messages, orders, and directives (e.g., IAVM, TCNOs, TASKORDS).
- Upon notification from AFDW Cybersecurity Offices, perform vulnerability mitigation activities, as required/mandated by the appropriate CNDSP, CSSP, PENTCIRT, NOS, DoD or 24th AF Component.
- Configure, manage, operate and maintain AFDW assigned instances of automated vulnerability management systems (e.g., Microsoft's System Center Configuration Manager (SCCM) and Automated Remediation and Asset Discovery (ARAD)).
- Build, configure, and deploy vulnerability remediation packages for automated vulnerability management systems (e.g., SCCM and ARAD), when not available from DoD and Air Force Enterprise service providers.
- Coordinate with the corresponding 24 AF organizations (e.g., 83 NOS, 561 NOS, 26 NOS) and administer local level requirements to ensure that End Point Security (EPS) (a.k.a. Host Based Security System (HBSS)) products are current and operational in AFDW host systems IAW USCYBERCOM, AFCYBER, and applicable DoD Orders or policies.
- Manage vulnerability detection, assessment, and analysis.
- Ensure ACAS servers are properly maintained and in compliance.
- Manage vulnerability remediation and provide oversight for vulnerability mitigation and security activities.
- Conduct vulnerability management for UNIX and/or Windows systems on AFDW owned section of the AFIN.
- Coordinate vulnerability management actions and POA&M actions with system owners.
- Draft, coordinate, and track POA&Ms with the local Cybersecurity office, AF, and DoD components as required to support vulnerability management efforts.
- Must be available for shift (0600 - 1800) 24/7/365, within 2 hours to meet with the COR if needed.
- Travel is up to 10%.

Job Duties:
- The Vulnerability and Management Lead works directly with the Information System Security Officer (ISSO) and Information System Security Manager (ISSM), NCC, Server and Desktop Support Teams to implement a Cyber Ready 365 posture.
- The Vulnerability Management Lead is a key contributor in the Cyberspace focused boards, bureaus, centers, cells, and working groups (B2C2WG) (e.g., cyberspace resiliency working group).
- The Vulnerability and Management Lead shall maintain communications and coordination between internal and external service providers in order to maintain situational awareness over the AFDW portion of the AFIN.
- A Vulnerability Management Lead shall be on site 0600-1800, Monday through Friday, and available 24/7/365 within 2 hours to meet with the COR on site.

Qualifications:

TYPICAL EDUCATION AND EXPERIENCE:
- Bachelor's and nine (9) years or more experience; Master's and seven (7) years or more experience; PhD or JD and four (4) years or more experience.

CLEARANCE REQUIREMENT:
- Candidate must currently possess and be able to maintain a SECRET clearance.

440970
Salary Range: NA
Minimum Qualification
8 - 10 years
