Position Overview:
We are seeking an experienced Vulnerability Management Lead to enhance our Cybersecurity Center's ability to manage cybersecurity risks to systems, assets, data, and agency capabilities. The successful candidate will focus on the active identification and remediation or mitigation of system and application weaknesses, enabling the Department of Defense (DoD) to prioritize its risk and vulnerability management efforts in alignment with agency needs.
Key Responsibilities:
The Vulnerability Management Lead will oversee all phases of the vulnerability management lifecycle, including identification, analysis, reporting, remediation/mitigation, verification, and post-analysis for process improvement.
In the Identification phase, you will monitor DoD and U.S. Government reporting channels, reliable security sources, and vendor repositories for vulnerability announcements and information related to emerging threats. You will acknowledge and disseminate vulnerability assessments and notifications within one business day to DCMA Government stakeholders. Additionally, you will report compliance for prevailing orders, directives, and guidance to the Commander of US Cyber Command according to specified reporting timelines.
You will perform vulnerability scans using DoD/DCMA-approved scanning tools such as ACAS, ensuring compliance with DoD directives on approved configurations for vulnerability scans. It is essential to keep policies on approved tools up to date at least 24 hours before conducting a scan. When DISA conducts DCMA vulnerability scanning, you will process scan notifications within one business day. Defining and scoping the DCMA boundary is also part of your responsibilities, with updates and reviews conducted quarterly to ensure accuracy.
During the Analysis phase, you will assess risks and potential operational impacts associated with disclosed vulnerabilities affecting DCMA-owned and managed information systems. Prioritizing vulnerabilities in accordance with DoD and DCMA guidelines is crucial. You will also communicate new vulnerability details impacting DCMA to the cybersecurity infrastructure team to update signatures and capture vulnerabilities.
In the Reporting phase, you will collaborate with DCMA Patch Management to disseminate Vulnerability Scan Reports to the appropriate system owners using DCMA-approved templates. You will create Knowledge Base (KB) articles to help system administrators interpret notifications and understand the next steps.
For Remediation and Mitigation, you will work closely with DCMA Patch Management when a vulnerability is within fourteen business days of expiring to determine whether a Plan of Action and Milestones (POA&M) or a Risk Acceptance needs to be drafted. Monitoring the overall status of DCMA security POA&M and Risk Acceptance compliance is part of your role. You will draft notifications using DCMA-approved templates and collaborate with DCMA Cybersecurity leadership to determine appropriate mitigation strategies for high-risk vulnerabilities that cannot be remediated through patching or updating.
You will develop internal distribution, implementation, and reporting procedures in the form of KB articles for DCMA system owners. Directing additional actions to mitigate risks for noncompliant information systems and devices, including blocking or disconnecting them, and providing weekly non-compliance reports to DCMA Cybersecurity Leadership are also part of your duties.
In the Verification phase, you will respond to all rescan requests for patched vulnerabilities within three business days. Reporting back to system owners on the success or failure of patches and providing next steps for compliance if unsuccessful is crucial to maintain system integrity.
During Post-Analysis and Process Improvement, you will enhance the performance of vulnerability mitigation, management, compliance reporting, and vulnerability trending processes through formal process improvement methodologies. Collecting and analyzing lessons learned for potential process improvements, reporting quarterly, and incorporating them into current policies, processes, and documentation will contribute to the continuous improvement of the cybersecurity posture.
You will provide monthly, quarterly, and annual metrics tracking performance and mission success, including mean time to patch, POA&M and Risk Acceptance staffing, and non-compliance trends. Supporting the DCMA risk assessment process, Information Security Continuous Monitoring (ISCM) program, and overall risk management strategy by providing vulnerability scan information to the Risk Management Group or relevant entities is also a key responsibility.
Conducting testing of information system software patches, updates, upgrades, and hardware device configurations is essential. You will provide information system baseline scan reports within two business days after the completion of scans. These reports must include an analysis of identified vulnerabilities based on criticality and recommendations for mitigation or remediation before deploying system images to production systems.
By the fifth business day of each month, you will deliver a monthly enterprise, discovery, and compliance Vulnerability Scan report. This report should include open and unauthorized TCP/UDP ports in accordance with DoDI 8551.01 and the Category Assurance List, vulnerable software and misconfigured services on all DCMA networks, specific operating system and application misconfigurations and vulnerabilities, and benchmark scans to test products for Security Technical Implementation Guide (STIG) compliance.
You will fulfill vulnerability scan requests, such as Service Requests and Incident Reports, and provide analysis results within 24 hours of receiving the request. Creating and maintaining consistent, repeatable, quality-driven, measurable, and comprehensive Vulnerability Management procedures is another key responsibility. You will establish common standards for directive reporting and compliance related to vulnerability management, updating and reviewing procedures annually or whenever lessons learned affect them.
Engaging with stakeholders is vital. You will host weekly vulnerability remediation and mitigation meetings to review actions with stakeholders, provide subject matter expert-level guidance on scanning signatures and detection capabilities, and validate and monitor corrective actions and remediation of vulnerabilities on DCMA information systems.
Participating in daily Cyber Situational Awareness Briefs (SAB), you will provide the health status of DCMA and DoD-required scans and scanning tools across all environments, including scans completed by entities such as DISA, and report the latest vulnerability status. Collaboration with DoD and non-DoD organizations is essential to actively share vulnerability information and shape the cyber mission space for vulnerability mitigation.
Qualifications:
Security Clearance: Active Secret Security Clearance required.
DoD IAT Level II Certification (one of the following):
CCNA Security
CySA+
GICSP
GSEC
Security+ CE
CND
SSCP
DoD CSSP Auditor Certification (one of the following):
CEH
CySA+ **
CISA
GSNA
CFR
PenTest+
Skills and Abilities:
Proficiency with DoD/DCMA-approved scanning tools (e.g., ACAS).
Strong understanding of DoD directives and compliance requirements.
Excellent analytical and risk assessment skills.
Effective communication and collaboration abilities.
Experience with process improvement methodologies.
Ability to manage multiple tasks and meet tight deadlines.