Role Description:
• Serves as the Secondary Point of Contact (POC) for an agency-wide vulnerability management program.
• Responsible for tangibly maturing the vulnerability management program to efficiently cover all approved technologies utilizing a consistent, well-documented approach.
• Execute web application, API, container, operating system, application, mobile device, and database layer vulnerability scanning / configuration drift scanning for systems leveraging on-premise and cloud-based technologies.
• Consolidate scanning tool results and provide vulnerability analysis in a manner that incorporates agency-specific context.
• Assess vulnerabilities, to include performing open source research, to ascertain if additional safeguards are needed and ensure systems are patched and security-hardened at all system layers.
• Present briefings to infrastructure system stakeholders and agency leadership on a recurring basis.
• Collaborate with infrastructure system stakeholders to remediate identified findings.
• Attend external meetings on the agency’s behalf.
Required Qualifications and Education:
• Bachelor’s Degree in Computer Science or Information Technology from a U.S.-accredited institution
• Must have one of the following active certifications: CISA, CISSP, CISM, CGRC, CCSP
• At least eight years of progressively increasing vulnerability management program experience, which includes experience establishing or significantly enhancing an agency vulnerability management program
• Must have knowledge of the following security toolsets: Qualys, BurpSuite (for web application scanning), DBProtect (for database scanning), SonarQube (for code scanning), Lookout.
• Beginner to intermediate understanding of Microsoft Windows and Linux operating systems
• Experienced in developing presentations from vulnerability results and providing recommendations
• Experienced in developing security policies or procedures
• Able to operate proactively as well as independently with little supervision.
• Has excellent oral, writing, and team skills
Clearance and Location Requirements:
• Able to be cleared for a Public Trust clearance.
• This job requires being on-site 3 days/week in Washington, DC.