Vulnerability Management Lead

Description

The Homeland Security Solutions Operation within the Intelligence Group at Leidos currently has an opening for a Cyber Vulnerability Management lead (CVM) as serve as part of the IT Security team under the USCG IMS program in several locations. The CVM lead will support and collaborate with the Department of Homeland Security (DHS) United States Coast Guard's Command, Control, Communications, Computer, Cyber and Intelligence Service Center (C5ISC) - Alexandria, VA and CG Cyber command in providing enhanced cyber engineering services for all infrastructure managed services (IMS) that empower all 65,000 end users (EUs) to successful execute the USCG's eleven mandatory missions. The A&A Analyst is expected to have technical knowledge and skills in one of the following areas: System Administration, network engineering, applications, and security operation. Support Cyber intelligence analysis processing community reporting, conduct link analysis, and collaborate with other Government cyber fusion teams. Publish intelligence products to inform network defenders about risk activities, new security control and vulnerability analysis methods, among other topics of interest. Ultimately, Leidos will support the C5ISC in unifying its shore-based networks and data management to improve network capabilities and services while decreasing life cycle costs and improving the EU experience.

Primary Responsibilities:
The A&A analyst will play a key role in supporting the C5ISC IMS program as the USCG looks to modernize its IT Enterprise into a COCO managed services model. Part of this role will be supporting the C5ISC in the technical planning and full lifecycle design, development, and integration in support of the C5I enterprise. Although this is a cyber/technical/engineering position, communication and interpersonal skills are crucial in this role. The candidate will be expected to interface with Government personnel, subcontractors, and management to identify required activities, perform collaborative planning, review deliverables, and resolve issues.The SSE will also assist in evaluating organization's security posture and services and ensuring approved processes and procedures are followed through review and audit activities in accordance with DoD and C5ISC security policies.

Basic Qualifications:

• Bachelor's degree and 12+ years of prior IT experience. Additional work experience or Cyber courses/certifications may be substituted in lieu of degree.
• 7+ years of experience working with and administering Tenable Security Center and Tenable Nessus agents within the DoD environment.
• 8+ years of experience leading a team of system administrators or cybersecurity professionals
• Experience managing ACAS scanners on Red Hat Enterprise Linux (RHEL)
• Demonstrated experience with multiple network security zones, subnetting, VRFs, and VLANs
• Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic finding.
• Strong analytical and troubleshooting skills.
• DoD 8570 IAT III certifications required prior to starting.
• Design, develop implement, maintain, execute and improve a robust, comprehensive program to assess, analyze, and manage potential IT system and network vulnerabilities, and systematically identify and eliminate risks on the enterprise and subscriber networks, systems, applications and related assets.
• Leverage Security tools such as Assured Compliance Assessment Solution (ACAS), Host Based Security System (HBSS), Tanium, and Splunk to develop compliance matrix.
• Develop and maintain Work Instructions (WI) for vulnerability identification, assessment, analysis, remediation and mitigation, compliance reporting, and subscriber support.
• Perform the Vulnerability Management (VM) program in accordance with applicable DHS USCG regulations, NIST standards, and other appropriate guidance and ensure full compliance with all cyber security evaluation and certification criteria.
• Make proactive recommendations on effective, efficient use of technology and automation to improve the VM program, and as prescribed by the Government, ensure approved recommendations are implemented.
• Develop, maintain, and report enterprise, organizational, and system level VM Program Status through online format.
• Create continuous improvement processes/programs and ensure proactive efforts to correct deficiencies impacting the VM program.
• Create and maintain standard operating procedures for the Tenable team
• Validate that the team documents, reports, and resolves Tenable management or operational issues in accordance with required timelines
• Oversee completion of the following key functions for Tenable deployments
• Conduct scans and provide reporting to the DHS USCG leadership as well as scanned organizations
• Produce reports and charts that convey the operational state of Tenable scanners as well roll-ups of scan findings, trends, and outliers
• Should have at least one of the following certifications:SANS GIAC: GCED, GCIA, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON or GCIH ISC2 CCFP, CCSP, CISSP, CISM, CERT CSIH EC Council: CHFI, LPT, ECSA, Offensive Security: OSCP, OSCE, OSWP and OSEE EnCase: EnCE DOD 8570: IAT L3, CNDSP Analyst or IR Carnegie Mellon: CCSIH"

Preferred Qualifications:

• TS Clearance; SCI eligible
• Knowledge of USCG missions

IMSCG

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.