The Vulnerability Management Analyst (VMA) - Information System Security Manager (ISSM) will work closely with the Cybersecurity Compliance Team – to support multiple programs of USACE (United States Army Corps of Engineers) connected systems through the vulnerability management and Risk Management Framework (RMF) process. They will be responsible for maintaining configuration items and executing functions on the vulnerability management platform, which may include but not limited to ACAS & Source Code scans, STIG Validation in support of DISA, DoD, USACE guidelines and proactive vulnerability detection. They will be responsible for composing essential documentation (procedures, compliance and remediation reports, continuous monitoring, etc.), providing analysis and metrics on vulnerabilities, and driving remediation of vulnerabilities throughout the organization. The ideal candidate has a background in Systems Administration or Systems Engineering, has a strong systems security mindset, and is very detailed oriented with strong written and oral communication skills.
Knowledge, Skills and Abilities
Conducting and maintaining vulnerability scanning on application
Producing actionable; risk-based reports on security assessment results
Assisting with vulnerability remediation when necessary
Developing and maintaining security plans and security testing plans
Continue to maintain all documentation for RMF certification & Accreditation activities.
Document, Monitor and Maintain the change control board processes
Be responsible and accountable for all task and reporting deadlines
Continuously improve risk models; metrics; reports; processes; and activities
Manages the security of information systems assets and the protection of systems from intentional or inadvertent access or destruction.
Interfaces with client to understand their security needs and oversees the development and implementation of procedures to accommodate them.
Weighs business needs against security concerns and articulates issues to management and/or customers.
Maintains current knowledge of relevant technology as assigned.
Provides guidance in the creation and maintenance of Standard Operating Procedures and other similar documentation
Participates in special projects as required.
Ability to manage vendor relationships and track externally dependent patching activities; driving the threat research life cycle
Ability to learn complex computing environments quickly; memorization skills desired
Broad understanding of all aspects of IT and enterprise systems interoperability (OSI Model; SDLC; ITIL; etc.)
Coordinate with other team (SOC; IR; RMD; Ops; Management; etc.) activities as necessary
Managing vulnerability mitigation and information security process in an enterprise environment
Proven ability to Lead customer-facing reporting and negotiation activities
Ability to produce and disseminate reports for vulnerability assessments and compliance reporting
A Cyber Security Team team-player contributing to policy development, RMF package accreditation's, and EMSEC/TEMPEST requirements
Provide technical support to system and technology owners to propose mitigation and remediation solutions
Assist with routine compliance and audit functions to ensure regulatory scanning requirements are satisfied
Document and report on processes and procedures
Bachelor’s Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.
Must have one of the following DoD 8570 IAM III Level certifications: CISSP, CISM, GSLC
Must have one of the following Computing Environment (CE) certifications: RHSA, MCSA
Must obtain one of the following AWS Cloud certifications within 3 months of hire: Certified Solutions Architect Associate/Professional, Certified Developer Associate, Certified SysOps Admin, and Certified DevOps Engineer Professional
Sec+ CE, SSCP, GIAC Security Essentials, and other security related certifications a plus
5+ years combined IT Systems and ISSM experience
Must have a Secret Clearance
The work is performed in an office and lab environment
Must be able to obtain a passport for OCONUS travel, if required
Lift over 35 LBs
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.