Vulnerability Management Lead

Clearance Level
Information Security
Washington, District of Columbia

REQ#: RQ115054

Travel Required: None
Public Trust: Other
Requisition Type: Regular

We are GDIT. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country.

We are seeking a Vulnerability Management Lead in Washington, DC for our client, The Office of the Comptroller of the Currency (OCC). This role is projected for a five month duration with the possibility of an extension.


●    Work closely with our team and Government representatives on engineering, vulnerability, and risk management tasks
●    Write weekly status reports, and other ad-hoc deliverables as required
●    Perform regular vulnerability, compliance/configuration, database and web application scans
●    Assist with triage of vulnerabilities when possible, and serve as a subject matter expert (SME) on the risk of vulnerabilities across the enterprise
●    Provide recommendations to promote the development of Vulnerability/Risk Management policy across the agency
●    Develop secure configuration baselines based on best practices for new technologies in the environment
●    Promote knowledge sharing/training across functional areas 
●    Evaluate, develop and refine processes and procedures as required or requested by Government management and/or this contract’s program manager
●    Core Work Hours: M-F 8:00 am – 5:00 pm


    • 2+ years of experience as a hands-on Vulnerability Management Analyst
    • Significant experience using numerous security tools and technologies to include some of the following and/or closely comparable security technologies: Qualys, Nessus, AppScan, Splunk, BigFix, Cofense PhishMe, Cofense Triage, Burp Suite, RSA Archer, FireEye iSight, RedSeal
    • Experience evaluating DISA STIGs, CIS Benchmarks, and other industry best practices across technologies including: Windows Server (Member and Domain), Microsoft IIS, Microsoft SQL, Apache Tomcat, .NET Framework, Red Hat Enterprise Linux (RHEL), Mac OS, VMware ESXi and vSphere, Citrix NetScaler, Cisco IOS/NX/ASA Routers, Switches, Firewalls
    • Ability to identify and exploit OWASP top 10 risks, such as XSS, broken authentication, SQL injection

    Education: BS and 2 plus years


    • CompTIA Security+
    • Qualys Certified Specialist (Preferred)
    • Splunk Power User (Preferred)


    Opportunity Owned


    About Our Work

    We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

    COVID-19 Vaccination

    GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

    GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.