Senior Cybersecurity Vulnerability Engineer
OSIGOV is looking for a Senior Cybersecurity Vulnerability Engineer to oversee security posture, the data security architecture, and development of security guardrails in support of national security objectives. This position is onsite in Chambersburg, PA. You must be a US citizen, as this is part of a government contract that requires a Secret security clearance.
Duties and Responsibilities:
- Provide oversight of scheduling the scans (including ad hoc scans), ensure proper coordination with the mission partners occurs, ensure deconfliction is accomplished, assist other team members (i.e., an unresponsive mission partner), and assist with vulnerability scan reports.
- Operate, maintain, and administer approved security scanners to plan, create, manage, and retire scheduled or ad hoc scan and scan groups for workloads across NIPRNet and SIPRNet.
- Develop, distribute, and manage execution against the schedule of vulnerability scans.
- Monitor, identify, report, and facilitate the resolution of scan performance impacting issues.
- Maintain and ensure scans, accounts, and configurations are set in accordance with best practice guides and privileged access policies and procedures.
- Analyze mission requirements and organizational feedback to create, maintain, and improve scan results.
- Test and evaluate scanning tools and configurations.
- Maintain Mission Partner point of contact information, Internet Protocol (IP) ranges, and website/Universal Resource Locator (URL) information on the Data site via SharePoint.
- Create and deliver a Collective Trend Analysis Report and trend analysis including resolution data aimed at influencing the development of security strategies.
- Schedule, coordinate and perform vulnerability scans.
- Determine Ports/Protocols and Services Management (PPSM) compliance; provide mitigations, strategies, and false positive determinations.
- Create and deliver vulnerability scan reports, no later than two weeks after the scan is complete. Reports must include identified vulnerabilities, recommended resolutions/ mitigations, and trend analysis.
- When initiated by the Mission Partner, assist with a review of the report (i.e., answer questions, identify what was scanned, assist if assets were skipped).
- Communicate and validate scan results in accordance with policies and procedures.
- Help with vulnerability scan related issues/problem resolution with applicable Service desks.
Required Experience and Skills:
- Minimum 7 years of Cybersecurity experience.
- Proficiency in MS Office Suite products and SharePoint collaborative tools.
- In-depth experience with DISA STIGs and by-product analysis.
- Working knowledge of current government mandated cybersecurity policies and procedures.
- Strong inter-personal and communication skills (oral and written).
Education:
- A Bachelor’s degree in fields such as Information Technology, Cybersecurity, or Computer Science; OR any of the following certifications – GICSP, Cloud+, GCED, PenTest+, Security+, or GSEC CEH.
Certification:
- 8570 IAT Level II (CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CNS, SSCP).
Security Clearance:
- DoD Secret security clearance