B

Vulnerability Manager

BCS365
Full-time
On-site
US

Why Work at SI?

Secure Innovations (SI)

successfully and continuously strives to become experts in the Cybersecurity field by only focusing on Cyber! Because of this, we proudly stand behind our motto, "We're Not Standard Cyber. We're the Cyber Standard."

SI was built on the principle that people matter first and foremost. SI believes in providing a strong work/life balance by investing in our employees and encouraging professional and personal growth. We do this by offering exceptional benefits, flexible schedules, and the tools necessary to achieve success through paid training, mentoring, and the opportunity to work alongside top-notch security professionals.

Secure Innovations was recently awarded as

PRIME

on this mission-focused cyber program!

The

Vulnerability Manager

receives vulnerability input, direction, and guidance from multiple sources and takes directed action to effectively mitigate vulnerabilities in order to protect networks. Leverages an operational understanding of current vendor remediation's to prioritize vulnerability escalation procedures and integrates continuous monitoring to ensure mitigations fall within prescribed timelines.
The Level 2 Vulnerability Manager shall possess the following capabilities:

Knowledge of cyber threats and vulnerabilities.
Determine overall Common Vulnerabilities and Exposures (CVE) priority when threat activity is identified; report incidents that may cause immediate and/or ongoing impact to the environment.
Monitor and provide periodic system owners vulnerability mitigation completion updates.
Knowledge of system and application security threats, vulnerabilities, and cyber attackers.
Monitor external data sources to determine which security issues may have an impact on the enterprise.
Identify, develop, and determine mitigation or remediation actions for system and network vulnerabilities.
Communicate written and verbal information in a timely, clear, and concise manner.
Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
Knowledge of system administration, network, operating system hardening techniques, and the risk management process.
Knowledge of specific operational impacts of cybersecurity lapses and organization's threat environment.
Recommend impact/risk assessments to identify systemic security issues based on the analysis of vulnerability and configuration data.
Document and escalate incidents (including event's history, status, and potential impact for further action); recommend mitigations that will have immediate impact to the environment.
Perform after-action reviews of team products to ensure completion of analysis.
Lead and mentor team members as a technical expert.

Qualifications:

An Active Clearance w/ FS Poly is REQUIRED
Four (4) years of demonstrated experience as a VM in programs and contracts of similar scope, type, and complexity is required.
Two (2) years of experience of technical reporting.
Two (2) years of experience in network and threat analysis.
A technical bachelor's degree from an accredited college or university may be substituted for two (2) years of VM experience on projects of similar scope, type, and complexity.
Requires DoD 8570 compliance with Information Assurance Technical (IAT) Level I or Level II certification (A+, Network+, CCNA-Security, CND, SSCP, Security+, CySA+, GSEC, etc)
Requires successful completion of the Splunk software training course "Fundamentals 1"

(This is FREE and can be completed online!)