Position Title: Vulnerability Assessment Team Lead
Location: Redstone Arsenal, Huntsville, AL
Relocation Assistance: None available at this time
Remote/Telework: NO - Not available for this position
Clearance Type: DoD Secret
Shift: Day shift (Mon-Fri)
Travel Required: Up to 25% of the time
#cjpost
This position is contingent on an award of work that is expected in Nov 2024
Description of Duties:
The Vulnerability Assessment Team Lead supports the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract. The candidate will:
- Provide Subject Matter Expert oversight and guidance on the MDA Cybersecurity Service Provider - Computer Emergency Response Team's (MDA CSSP-CERT's) Vulnerability Assessment Program and serve as the primary POC for customer decision points.
- Analyze correlated asset, threat, and vulnerability data against know adversary exploits and techniques to determine impact and improve network defensive posture.
- Develop, instruct, and evaluate a Vulnerability Assessment Analyst Training Plan in support of training and mentoring Junior, Mid, and Senior Vulnerability Assessment Analysts.
- Support the development, establishment, review and update of Defensive Cyberspace Operations (DCO) procedures, processes, manuals, and other documentation.
- Provide standardized and targeted training in support of MDA CSSP-CERT Subscriber vulnerability management programs.
- Coordinate with MDA CSSP-CERT Subscribers to notify, investigate, and remediate discrepancies with ACAS, ESS, or other compliance information.
- Assist with host-based security solutions across the enterprise utilizing Trellix Endpoint Security Solutions (ESS), to include: anti-malware, Endpoint Security (ENS), data loss prevention, and rogue system detection.
- Perform DCO / CSSP duties outlined in Evaluator Scoring Metrics (ESM).
- Perform cybersecurity duties on customer networks (proactively and reactively) to improve enterprise-wide security posture.
- Perform and analyze vulnerability scans, data trending, and reporting utilizing Assured Compliance Assessment Solution (ACAS / Nessus) scanning tool.
- Perform and analyze network security threat and impact assessments.
- Performs assessments of systems and networks, and identifies where those systems and/or networks deviate from acceptable configurations, enclave policy, or local policy.
- Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
- Review data of ongoing intrusions or cybersecurity incidents and report, analyze, and document / report the findings in accordance with CJCSM 6510.01B guidelines.
- Support Incident Response across the MDA Enterprise IAW DoD regulations and instructions.
- Lead cyber event and incident investigations from start to conclusion, to include gathering data, analysis, and reporting.
- Create, update, and manage queries and dashboards pertaining to ESS, ACAS, and related security tools
The successful candidate will:
- Have in-depth knowledge of Trellix Endpoint Security Solutions (ESS).
- Have in-depth knowledge of Assured Compliance Assessment Solution (ACAS).
- Have familiarity with Enterprise Mission Assurance Support Service (eMASS).
- Have familiarity with Cyber Operational Attribute Management System (COAMS).
- Have familiarity with Continuous Monitoring Risk Scoring (CMRS).
- Have experience with most MS Office applications (Word, Excel, PowerPoint, and Visio).
- Be able to multi-task and prioritize various projects and assignments in a dynamic work environment in order to meet scheduled/unscheduled customer requests.
- Be willing to travel 25% of the time.
- Be willing to manage and support rotating shifts in a 24 x 7 operational environment and respond quickly to emergencies as needed.
Resumes, in month and year format, must be submitted with application in order to be considered for the position. The selected candidate may be assigned as an employee for one of our teammate companies.
Basic Requirements:
Must have one of the following combinations of education and experience: HS Diploma (or GED) and 10 years of general experience; Associate's degree and 8 years of general experience; Bachelor's degree and 6 years of general experience; Master's degree and 4 years of general experience.
- Must have 8 years of direct experience in applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing and/or preparing audit reports that identify technical and procedural findings, and providing recommended remediation strategies and solutions.
- Must have 4 years' experience in management or leadership in a team environment.
- Must have a DoD 8570.01-M IAT Level II certification with Continuing Education (CE) - (CCNA Security, CySA+, GICSP,GSEC, Security+ CE, C|ND, SSCP)
- Must have, or be able to obtain, a DoD 8570.01-M IAM Level III certification with Continuing Education (CE) - (CISM,CISSP (or Associate), GSLC, or C|CISO)
- Must have, or be able to obtain, a DoD 8570.01-M CSSP Auditor certification with Continuing Education (CE) - (C|EH, CySA+, CISA, GSNA, CFR, PenTest+)
- Must have an active DoD SECRET Security Clearance.
Desired Requirements:
- Have a Master's degree, or higher, in Cybersecurity, Computer Science, or related field.
- Have experience configuring and performing scans ACAS / Nessus.
- Have a background in configuration, troubleshooting, policy development, and deployment of host-based security (ESS preferred).
- Be able to mentor and train personnel in an evolving and high-paced environment.
- Be familiar with DoD Security Operations Centers (SOCs) (aka CSSP).
- Be familiar with DCO / CSSP-guiding security policies and procedures.
- Have an active DoD TOP SECRET Security Clearance.
This position is expected to pay $155,000 - $180,000 annually; depending on experience, education, and any certifications that are directly related to the position.
This position will be posted for a minimum of 3 days. If a candidate has not been selected at that time, it will continue to be posted until a suitable candidate is selected or the position is closed.
Our health and welfare benefits are designed to invest in you, and in the things that you care about. Your health. Your well-being. Your security. Your future. Typical benefits offered include flexible work schedules, educational reimbursement, retirement benefits (401K match), employee stock purchase plan, health benefits, tax saving options, disability benefits, life and accident insurance, voluntary benefits, paid time off and paid holidays, and parental leave.