201 to 225 of 485 Permanent Vulnerability Management Jobs

Architecture (NOA). This role resides within the Data pillar and involves designing and automating security pipelines to enhance software security posture within a DevSecOps framework. Responsibilities include automating vulnerability scans, implementing mitigations, and managing automated Docker container builds. The role may require the development of multi-enclave security pipelines, contingent on binary modification levels accepted by RAISE+. Job … Plan of Action & Milestones (POA&Ms) for medium-level findings. • Maintain continuous burndown of medium-level vulnerabilities. • Develop and implement mitigations in compliance with ISSM-approved timelines based on vulnerability severity. • Enhance security automation processes for streamlined vulnerability remediation. • Work closely with cybersecurity and development teams to improve security best practices within DevSecOps pipelines. Basic Qualifications: • 10 or … more years relevant experience. • Hands-on experience with Tekton for CI/CD automation. • Proficiency in Docker containerization and security hardening. • Strong understanding of security vulnerability management within a DevSecOps pipeline. • Familiarity with secure software development lifecycle (SDLC) principles. Desired Skills & Experience • DoD Cybersecurity Workforce (CSWF) qualification desired; must meet or be capable of satisfying DoD 8140 requirements. More ❯

Program Description: The program provides Systems Engineering and Technical Assistance (SETA) core and non-core support in the areas of Cyber Security and Management to improve the Information Assurance (IA) posture of a National customer. The contracts Core Capabilities are: IA Management, Federal Information Security Management Act (FISMA) coordination and reporting, Risk Management Framework (RMF) application … IA compliance measurements and metrics, Assessment and Authorization (A&A), Vulnerability Management, and Cyber Defense support. Position Description: The Information Security Continuous Monitoring Validator provides support to the customer in the area of Cyber Security. Daily tasks include, but are not limited to: Supports the Information Security Continuous Monitoring (ISCM) Program Lead and Validator Lead in standing up … STEM) or an advanced IA certification (i.e. CISSP or CASP) Experience briefing senior customer personnel Experience supporting IC or DoD in the Cyber Security Domain with acquisition and project management Experience with RSA Archer, Service Now, and Xacta Cloud experience (certification preferred) Travel 1-25% Security Clearance Top Secret/SCI/CI Poly More ❯

Program Description: The program provides Systems Engineering and Technical Assistance (SETA) core and non-core support in the areas of Cyber Security and Management to improve the Information Assurance (IA) posture of a National customer. The contracts Core Capabilities are: IA Management, Federal Information Security Management Act (FISMA) coordination and reporting, Risk Management Framework (RMF) application … IA compliance measurements and metrics, Assessment and Authorization (A&A), Vulnerability Management, and Cyber Defense support. Position Description: The Information Security Continuous Monitoring Validator Lead provides support to the customer in the area of Cyber Security. Daily tasks include, but are not limited to: Supports the Information Security Continuous Monitoring (ISCM) Program Lead in standing up the customer … STEM) or an advanced IA certification (i.e. CISSP or CASP) Experience briefing senior customer personnel Experience supporting IC or DoD in the Cyber Security Domain with acquisition and project management Experience with RSA Archer, Service Now, and Xacta Cloud experience (certification preferred) Travel 1-25% Security Clearance Top Secret/SCI/CI Poly More ❯

Procedures (SOPs) for internal and external processes. Analyze cybersecurity data (e.g., continuous monitoring, configuration, vulnerabilities, assets, software) to detect trends, and identify risks. Recommend risk mitigation strategies for common vulnerability trends identified. Develop procedures for continuous monitoring of network systems and devices. Manage and review NSS Performance Plan Metrics; report discrepancies to compliance leadership (ISSO and ISSM). Support … artifacts, review artifacts and evaluate POA&M for closure, make recommendations to Federal Stakeholders. Provide input on waivers and/or accepted risks as it relates to POA&M management processes, including clearly articulating compensating controls in place to mitigate risk. Create Security Impact Analysis (SIA) reports based on engineering assessments. Develop and deliver presentations on security engineering topics … year of experience documenting POA&Ms and managing the entire POA&M lifecycle, from open to closure. 1 year of experience executing continuous monitoring activities, including those supporting vulnerability management and configuration management. 1 year of experience in client-engagement. Must have at least one cybersecurity certification such as: CISSP, CISM, CISA, CEH Must have Top Secret SCI More ❯

enterprise. This Cybersecurity Lead is essential in ensuring the security and integrity of NMEC's Information Technology systems and DOMEX network enclaves. The Cybersecurity Lead will spearhead cybersecurity risk management, continuous monitoring, and Computer Network Defense (CND) operations, while leading integration and security oversight for all relevant systems and applications. Responsibilities Serve as the primary lead for cybersecurity risk … management, continuous monitoring, and administration of security tools across NMEC systems, applications, and tools. Monitor and support integration of DOMEX products, services, and systems through automated testing, secure development practices, and scheduling of secure release activities. Lead all cybersecurity projects and initiatives, with a focus on ensuring confidentiality, integrity, and availability of the NMEC IT environment. Implement and enhance … procedures to protect DOMEX network enclaves from threats, vulnerabilities, and misconfigurations. Oversee and optimize use of security tools and applications, including endpoint protection, SIEM, IDS/IPS, vulnerability scanning, and compliance tools. Support and enforce information assurance policies, plans, and procedures consistent with DoD, IC, and federal guidelines. Work closely with system owners, developers, and operational teams to ensure More ❯

employee at M.C. Dean, you will join forces with more than 5,800 professionals who engineer and deploy automated, secure and resilient power and technology systems; and deliver the management platforms essential for long-term system sustainability. Together, we transform the way complex, large-scale systems are designed, delivered, and sustained-enhancing client outcomes, improving lives, and changing the … a multidisciplinary team, you will be responsible for coordinating and implementing technical controls and configuration settings and will work in a team environment alongside other cybersecurity engineers and Risk Management Framework (RMF) analysts responsible for supporting Information System Security Engineering efforts. Working closely and supporting team members, vendors, and government customers Implementing DoD Security Technical Implementation Guides (STIGs) on … systems Assisting in the development and verification of documentation necessary to complete the DoD RMF assessment and authorization process Conducting ICS/SCADA system inventories following DoD guidance Conducting vulnerability scanning and document system vulnerabilities Supporting ISO standardization and Quality inspections Participating in continuous improvement of organizational cybersecurity posture Qualifications Clearance/Citizen Type: Applicants selected will be subject More ❯

cybersecurity expertise tailored to cloud-native environments. Our cybersecurity SMEs bring decades of experience protecting sensitive systems and data across the defense ecosystem. We lead efforts in RMF compliance, vulnerability management, threat detection, and Zero Trust implementation for high-impact programs. Position Summary The CC SME will provide strategic cybersecurity oversight for 's AWS GovCloud infrastructure, ensuring end … defensive cyber operations, and advanced threat detection. Key Responsibilities Develop, assess, and maintain cybersecurity controls across cloud systems Ensure RMF, STIG, NIST SP 800-53, and FISMA compliance Manage vulnerability scans, penetration testing, and incident response Advise on integration of AI/ML-based cyber defense tools Support ATO processes and continuous monitoring Requirements Qualifications Bachelor's in Computer … Science, IT, or related field 8+ years of experience in cloud cybersecurity and risk management In-depth knowledge of RMF, STIGs, SCAP, and defensive cyber ops Certification in CISSP, CISM, GCSA, etc. Experience with DoD cyber operations and remediation planning (preferred)Plateau does not accept unsolicited resumes from third-party recruiters without a signed third-party agreement. Any unsolicited More ❯

profile cybersecurity team supporting mission-critical operations. This position is ideal for a seasoned ISSM who thrives in fast-paced, security-driven environments and is well-versed in Risk Management Framework (RMF), information assurance, and federal cybersecurity compliance. Essential Duties and Responsibilities (but not limited to): • Lead and support assessment and authorization activities in alignment with National, DoD, and … mitigation strategies and ensure implementation of effective safeguards. • Analyze, document, and advise on system modifications and their cybersecurity impacts including DRs, PRs, CRs, and infrastructure upgrades. • Conduct risk assessments, vulnerability inspections, and security evaluations of existing and planned systems. • Review and contribute to system security test plans, test reports, and RMF documentation including System Security Plans (SSPs), Security Risk … Analyses, and Vulnerability Management Plans. • Provide cybersecurity oversight during system changes; prepare risk acceptance documentation and exception letters where necessary. • Support cyber assessments by external agencies (i.e., DISA, NSA, 16th AF) and participate in special projects like DCO and technical evaluations. • Monitor emerging threats and vulnerabilities; update POA&Ms accordingly. • Promote cybersecurity awareness and adherence to best practices More ❯

Your role will be pivotal in ensuring the secure delivery of new systems into live service, as well as ongoing protection, compliance, and incident response. You will: Own the vulnerability management strategy across platforms, leading scanning, remediation, and reporting activities Design and enforce endpoint security policies, access controls, and malware protections Lead incident identification and response efforts, ensuring … skills & experience: Extensive hands-on experience in cyber security engineering roles, ideally in defence, government, or secure sectors Advanced knowledge of AWS security services, network security, endpoint protection, and vulnerability management Strong working knowledge of compliance frameworks and standards (CIS, STIG, NIST, Government Functional Standard 007) Proven ability to lead security planning, risk assessments, and incident response activities More ❯

Cybersecurity Specialist Senior Level(Key Person Task Area Lead) Task Area 6: Component Risk Management and Compliance/Senior Risk Analyst Certification Required: CISSP or CISM or CSSP or CAP Security Clearance Required: Top Secret Required Years of Experience: 8 Job Location: Currently remote due to COVID and building renovations. Must be in or willing to move to the … and DHS Component feedback. Participate in Performance Plan Working Group by reviewing current metrics, recommending updates with justification. Organize, prepare, participate in, and sometimes run the monthly Organizational Risk Management Board (ORMB) meeting to include release of meeting minutes to attendeesMethodologies, Strategic Plans, Guidance documents and policy memos with security authorizations, inventory, security training program, policy, and procedures and … and action items on POA&M Meetings Report weekly and monthly with a summary of the PRB progress as defined by Federal POA&M Lead. Analyze continuous monitoring, configuration management, vulnerability management, asset management, software management and self-reported data to identify trends and anomalies cybersecurity performance and mitigation of risk. Provide research and development More ❯

analysis of cybersecurity directives, policies, and instructions to include, but not limited to: Communications Task Orders (CTOs), Fragmentary/Task/Operation Orders (FRAG/TASK/OPORDs), IA Vulnerability Management (IAVM), Public Key Infrastructure (PKI) guidance, and STIG requirements. Conduct analysis of Assured Compliance Assessment Solution (ACAS) vulnerability scans and Security Technical Implementation Guides (STIGs) to … to any finding identified via manual or automated testing, to a specific CVE, IT technologies, or any other physical or logical subject. Track and report compliance status in the Vulnerability Remediation Asset Manager (VRAM) and similar reporting tools as applicable Ensure current security testing and evaluation software is sufficient to the task of conducting infrastructure security testing and regularly … currently hold and be able to maintain US Secret security clearance Proven experience managing cybersecurity teams in a government, defense, or highly regulated environment. Excellent leadership, communication, and stakeholder management skills. Comply with the DoD Cyber IT/CSWF Program requirements of DoD 8140.03 and SECNAV M-5239.2 at the Intermediate (IAT-II) level. COMPTIA Security+ CE certification More ❯

severity of breaches, develop mitigation plans, and assist with the restoration of services. We are seeking a Cyber Action Officer to support this critical customer mission. Responsibilities: Supporting the management of cyber incidents through the incident response lifecycle. Creating and maintaining routine reporting of cyber incidents in official systems of record, to include case management systems and ticketing. … Drafting summaries of ongoing operations and be able to provide oral presentations for various levels of leadership. Maintaining knowledge objects in system of record consistently and professionally. Threat and vulnerability management to recognize and categorize types of vulnerabilities, threat actors, and different operational threat environments, and associated attacks (MITRE ATT&CK framework). Knowledgeable of network security monitoring … system hardening, cyber hygiene techniques, and cybersecurity defense policies, procedures, and regulations. Requirements: U.S. Citizenship Active TS/SCI Clearance Must be able to obtain DHS Suitability BS Incident Management, Operations Management, Cybersecurity or related degree. HS Diploma with 7-9 incident management or cyber security experience. 5+ years of directly relevant experience in cyber incident management More ❯

Responsibilities & Qualifications RESPONSIBILITIES The ISSE will be responsible for the following: Security Tool Infrastructure Management: Primary responsibility for the backend infrastructure, deployment, patching, tuning, and overall health of security tools, including Tenable Nessus, Trellix ePO (HBSS/ESS), and associated Windows and Red Hat Linux servers. Proactively monitor system performance, identify bottlenecks, and implement solutions to ensure optimal operation … of security tools. Develop and maintain standard operating procedures (SOPs) for security tool administration. Vulnerability Management & System Hardening: Conduct technical security assessments of computing environments to identify points of vulnerability and recommend mitigation strategies. Implement Security Technical Implementation Guides (STIGs) on Windows and Red Hat Linux systems. Develop and implement security designs for new and existing network … troubleshooting support for cybersecurity tools such as ACAS and HBSS/ESS. RMF Support & Documentation: Support the documentation of security control implementations and gathering of artifacts to support Risk Management Framework (RMF) and ICD 503 Security Accreditation. Assist with RMF related tasks as needed. REQUIRED QUALIFICATIONS Active Top Secret-SCI DoD security clearance. Active DoD 8570 IAT II certification. More ❯

ll Be Doing As a key player in the security team, you'll: Provide expert technical guidance on securing IT assets, systems design, and change control. Lead the technical vulnerability management programme, with a focus on application security, WAFs, and secure development pipelines. Mentor junior team members and offer strategic security leadership. Investigate security incidents and support recovery … assessments. ?? What You Bring Strong knowledge of security tools and infrastructure: WAFs, SIEM, AV, firewalls, TCP/IP, and more. Familiarity with OWASP, zero-trust, SASE, and risk-based vulnerability management. A background in infrastructure or networks. Working towards or holding certifications like CISSP, GCIA, Security+, CCNA/CCNP. Understanding of ISO27001, Cyber Essentials, and AAF frameworks. Excellent communication More ❯

We are looking for an Information Security Analyst working as part of a central team supporting a mixture of security operations ensuring compliance with business needs. This will involve vulnerability management, making sure security controls are functioning, mentorship of more junior members and working as part of a 24 x 7 remote support rota. If you have experience More ❯

vision of the Global Cyber Defense (GCD) organization. This position leads a diverse team across multiple cybersecurity domains including Incident Response, Threat Intelligence, Red Team, Cyber Countermeasures, Threat Hunting, Vulnerability Management, Forensics, eDiscovery, and Insider Threat programs. The role requires a strategic thinker with deep technical expertise, strong leadership capabilities, and the ability to collaborate across business units … Lead efforts to identify and respond to emerging cyber threats using advanced threat intelligence and proactive defense strategies. Oversee incident response planning and execution, ensuring alignment with broader crisis management frameworks. Build and maintain robust capabilities in Data Loss Prevention, cyber forensics, and eDiscovery. Direct red teaming, cyber countermeasures, and threat hunting initiatives, including internal and external cyber defense … exercises. Drive effective vulnerability management strategies, ensuring integration with the wider D&T organization and reporting to senior leadership. Business Expertise Deep understanding of the cybersecurity landscape, including industry-specific threats and compliance requirements. Strategic knowledge of the business environment, regulatory landscape, and competitor capabilities. Ability to align cybersecurity initiatives with business objectives and risk management strategies. More ❯

Delivery Operations & Excellence · Previous work experience managing below three or more Cybersecurity delivery engagements - o Audit principles and associated compensating controls o Enterprise Security architecture o Cloud Security o Vulnerability Management o E-Mail security o Web Application Firewall o Cyber Incident Management (CERT) · Manage & maintain steady state global delivery operations (Green) · Manage Operational/delivery issues … Service Quality Review governance · Provides leadership & direction to Delivery team in complex problems and creates innovative solutions · Facilitates Business Continuity for the account during regional/location outages Team Management · Responsible for Performance Appraisal for direct reports · Support Delivery Head to manage team functions viz. resource selection, allocation, availability planning, effort estimation, utilization & attrition management · Tracking individual and …/weekly basis and continually improve them efficiently and effectively · Ensure that the productivity goals for the team are met, including service level, utilization, and customer satisfaction Customer Relationship Management · Acts as a trusted security advisor to the clients · Interlock with Management to define operations strategy and action plan based on Customer feedback & CSAT result · Analyzing customer requirements More ❯

and provide guidance on security control selection and implementation based on NIST guidelines. Work with stakeholders to integrate security engineering best practices into system development and sustainment. Provide program management to ensure efficient and effective accomplishment of all work detailed in the PWS. Summarize significant findings, activities, concerns in the Monthly Status Reports. Manage, oversee, and supervise the activities … and standards developed by the NIST, FISMA, DoD and other applicable Federal regulatory agencies. Provide cybersecurity expertise to support DoD OIG with planning, building, and running a cybersecurity risk management program aligned with DoD OIG's mission needs and in compliance with federal and DoD mandates by using fit-for-purpose methodologies, technology choices and organizational structures. Provide resources … depth awareness of next generation cloud technolgies and the impacy they may have on DoD OIG's environment. Support DoD OIG with daily threat monitoring and analysis, incident response, vulnerability management and other activities focused on monitoring, assessing, detecting, investigating, hunting, and responding to cybersecurity threats. This includes providing personnel to support the Cybersecurity Operations Center (SOC). More ❯

strong foundation in cloud security. Proficiency in Python Scripting is highly preferred. Minimum of 3 years experience in spearheading security solutions in large-scale environments. A comprehensive grasp of vulnerability management and various compliance standards. Adeptness with API-based security and compliance standards is highly valued. Knowledgeable in cloud networking, network security, virtualization, and cloud computing basics. Skillful … presenting solutions to leadership and customers. Preferred Experience: Hands-on experience with Palo Alto Prisma Cloud: 2+ years (Highly preferred) Strong Python scripting skills (Highly preferred) API configuration and management: 3+ years (Highly preferred) Cloud Security expertise: 3+ years Experience with Kubernetes: 3+ years Experience with other Cloud Security Posture Management (CSPM) tools: (Significant plus) Code Security knowledge More ❯

and ground assets from cyber threats and ensuring mission continuity through proactive cybersecurity engineering, monitoring, and risk mitigation. This role involves a blend of systems engineering, cyber threat analysis, vulnerability remediation, and compliance support. You will operate in a highly secure, mission-critical DoD environment with direct involvement in the cyber defense of national space communication systems. Job Responsibilities … and update system documentation, including hardware/software baselines, PPSM, and network diagrams. Coordinate directly with Information System Security Officers (ISSOs) and ISSMs to ensure RMF compliance. Perform network vulnerability scans, analyze findings, and prioritize remediation efforts. Execute STIG scanning and baseline hardening activities across operating systems and applications. Deliver fully tested vulnerability patches and virus signature updates … improvements. Required Skills: Minimum 7+ years of experience in cybersecurity engineering, preferably supporting DoD or space-related systems Experience with RMF, DISA STIGs, and system accreditation processes Proficiency with vulnerability management tools such as ACAS, Splunk, and ESS Experience with network and host-based intrusion detection/prevention systems (HIDS/NIDS/IPS) Strong knowledge of DoD More ❯

Strong understanding of information and IT security challenges and standards. Solid working knowledge of security technologies (e.g. Endpoint Protection, Data Protection, Cloud Security) and cyber capabilities (e.g. SIEM, SOC, Vulnerability Management). Familiarity with recognised frameworks such as ISO 27001, ISO 22301, NIST, COBIT, or ISF. Experience supporting security strategy within cloud-based environments. Demonstrated ability to manage More ❯

Key Responsibilities: • Design, implement, and maintain enterprise-level network architectures, ensuring security, scalability, and efficiency. • Develop and enforce network security policies, ensuring compliance with DoD regulations. • Perform risk assessments, vulnerability management, and mitigation strategies for classified network environments. • Lead network troubleshooting efforts, identifying root causes and implementing corrective actions to ensure network reliability. • Work with cross-functional teams … to integrate new technologies and optimize existing network infrastructure. • Maintain detailed network documentation, including diagrams, security controls, and change management logs. • Provide mentorship and training to junior network engineers, fostering a culture of technical excellence. • Monitor network performance, proactively identifying and resolving bottlenecks and security risks. • Stay up to date on emerging networking technologies and DoD cybersecurity policies to More ❯

existing operational solutions to complex problems as it pertains to Xacta systems administration. • Become familiar with business process engineering best practices while developing the customers implementation of the Risk Management Framework. • Apply domain knowledge and experience to identify and implement efficiencies in the administration of an Enterprise application. A Department of Defense (DOD) Top Secret or similar clearance based … five (5) years old. A Full Scope Polygraph is required for this position. Job Requirements Qualifications: Must have some knowledge with system security support IAW ICD 503/Risk management Framework (RMF). Candidates must also have the following experience and knowledge: • This position requires a current TS/SCI • Bachelor's Degree in Cybersecurity, Computer Science, Mathematics, Information … be substituted for a degree. • 5-7 years of general Information Technology, Application Administration, Systems Engineering is required. • Experience in system/application administration to include issue customer relationship management, Tier 1 & Tier 2 support activities. • Significant experience with documenting and communicating technical solutions that will be disseminated to a technical user base. • Demonstrate ability to communicate effectively with More ❯

and infrastructure design. Technical Toolkit: Strong command of Azure Log Analytics, KQL, and Azure-based security tools. Scripting: Python, PowerShell, Shell. Experience with IDS/IPS, firewalls, SIEMs, and vulnerability management tools. Strong grasp of Active Directory, Azure AD, and identity access governance. Familiarity with secure infrastructure platforms: SQL Server, Oracle, HA clustering. More ❯

and infrastructure design. Technical Toolkit: Strong command of Azure Log Analytics, KQL, and Azure-based security tools. Scripting: Python, PowerShell, Shell. Experience with IDS/IPS, firewalls, SIEMs, and vulnerability management tools. Strong grasp of Active Directory, Azure AD, and identity access governance. Familiarity with secure infrastructure platforms: SQL Server, Oracle, HA clustering. More ❯