GDIT is currently seeking a Cyber Security Scanning Engineer in Beltsville, MD. This position supports continuous network vulnerability and compliance scanning for the Department of State’s Bureau of Diplomatic Security. The duties include, but are not limited to, conducting compliance and vulnerability scans on workstations, servers, databases, web servers and DMZ assets as well as reporting metrics, generating contract required deliverables, researching cyber security issues, and providing customer service. The team, in addition to other responsibilities, is responsible for weekly vulnerability and compliance reporting on over 200,000 assets across 300 foreign posts and hundreds of domestic locations.
Position Description Duties:
· Use active vulnerability scanners to perform high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis of the enterprise security posture. Support full life-cycle vulnerability and configuration management. Communicate recommendations to the responsible parties, track remediation’s and verify security patches and required configurations. Scan the entire enterprise, to include DMZs, and physically separate networks
· Develop and maintain policy and SOP updates
· Analyze available security information including results of configuration compliance verification, vulnerability assessment, security and system patch information, field reports, OIG reports, and intelligence information to assess the status of remote organization’s cyber security posture
· Operate, maintain and configure the configuration compliance verification tool; apply regular updates from the vendor; provide operation, troubleshooting, training and helpdesk support
· Operate, maintain and configure the vulnerability assessment tool suite; apply regular updates from the vendor; provide operation, troubleshooting, training and helpdesk support
· Operate, maintain and configure the web security assessment tool suite; apply regular updates from the vendor; provide operation, troubleshooting, training and helpdesk support
· Maintain and operate all hardware supporting the configuration compliance verification and vulnerability assessment activities including system administration, configuration management, technical troubleshooting, backup/recovery, training and user support
· Develop configuration benchmarks and vulnerability checks based on established configuration standards and CVEs (Common Vulnerabilities and Exposures) using the Security Content Automation Protocol (SCAP)
· Perform liaison activities with other bureaus and offices
· Support incident response, threat analysis, forensics and penetration testing teams by performing on-demand and targeted vulnerability scans
Working knowledge of and experience in information systems methodology, policy, and standards environment of information security, especially in government is desirable. Excellent written and oral communications skills desired. Ability to work collaboratively with a broad range of constituencies essential. A demonstrated ability to work with diverse groups of people is required.
· Four years of experience in information security, information technology, or related field
· Experience performing vulnerability and/or compliance scanning in an enterprise network environment
· Active Secret clearance required
· Technical knowledge of information technology and cyber security standards and issues is required for this position
· The CVE (Common Vulnerabilities and Exposures) standard
· Effective written and verbal communication skills
· Persistent and polite follow-up with clients in order to maintain project schedule. Good customer service skills are critical to thriving on the team.
· Problem solving and attention to detail
Desired Skills, Preferred but not required:
· Experience using Tanium, Tenable, and/or Rapid 7 products to conduct enterprise security scans.
This position requires being fully vaccinated against COVID-19 by January 18, 2022 or the start date, if after January 18. Individuals who work in or reside in Texas or Montana or work outside of the United States may be excluded from this requirement.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.