301 to 325 of 478 Permanent Vulnerability Management Jobs

office. Your future duties and responsibilities: The SaaS Information Security Officer primary responsibilities are but not limited to: Provide guidance, oversee the implementation of Advantage security controls. Serve as vulnerability management expert, which includes - monitoring vulnerability review, POAM tracking, reporting incorporating StateRamp guidance, and remediation efforts. Serve as the primary contact to StateRamp for all POAM tracking … date statuses are reported. Work with other Advantage teams to ensure security controls are incorporated in every phase of the development, testing, and configuration processes. Manage the Advantage Change Management processes & the security policy exception. Work with the various Engineering teams to coordinate, facilitate, or otherwise ensure certain activities are being performed for security tool installation or tool administration. … with security tools, including installation and reporting Proficient in scripting across multiple languages, including Linux shell scripting, Python, Perl, and Go. 2+ years of experience in container security, incident management, vulnerability management & access management Skilled in working with Oracle and SQL Server databases, with expertise in writing SQL DDL/DML. Over 3 years of experience More ❯

properly implemented in RMF packages within eMASS. Report system risk status using the DISA-approved reporting tool. Maintain the ConMon Dashboard, tracking compliance, POA&M status, CMRS visibility, asset management, FISMA reviews, and annual validations. Track automated and manual security controls, identifying overdue assessments and validations. Coordinate with System, ACAS, and HBSS/ESS Administrators to resolve credentialing and … and three (3) years of overall experience in cybersecurity or network security position. Additional relevant experience may be considered in lieu of degree. Understanding of security architecture, system hardening, vulnerability management, and intrusion detection/prevention Level II: Bachelor's degree (IT-related field preferred) and five (5) years of overall experience in cybersecurity or network security position. … experience may be considered in lieu of degree. Experience in developing, implementing, and conducting a continuous monitoring program for a large organization. Demonstrated proficiency in security architecture, system hardening, vulnerability management, and intrusion detection/prevention Original Posting: July 8, 2025 For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job More ❯

understand and be able to implement DoD RMF system accreditation processes. Assess use case and operational risk of integrated open source, and GOTS/COTS software components. Will use vulnerability management systems, automated security scanning tools, and system accreditation record systems. Must be able to grasp new concepts, facilitate information exchanges for data gathering, and collaborate with diverse … audiences. Will follow established processes where applicable, and establish and execute defensible processes where none are prescribed. Provide security planning, assessment, risk analysis, and risk management support. Recommend system-level solutions to resolve security requirements and guide the development team in meeting the security posture requirements. Support the Government in the enforcement of the design and implementation of trusted … inner workings of various software and system level applications. DoD 8570 compliance with IAT Level II (SSCP, Security+, CCNA-Security, or GSEC certification) Experience with DISA STIGs and SRGs, vulnerability management systems, mitigation and compliance processes, and reviewing results from automated security scanning tools. The ability to work independently and as part of a team is needed. Work More ❯

systems, subsystems, products and external interfaces, and may include a mixture of operational cybersecurity functions and governance, risk and compliance (GRC) activities. Key responsibilities include: Perform systems security risk management activities, including identifying security threats, analysing the risk exposure and presenting treatment options to mitigate security risk. Conduct asset management including maintaining accurate inventories of all hardware and … software configuration items. Maintain change management, through evaluation of system changes for cybersecurity impact and updating any affected security authorisation artefacts. Perform vulnerability management, including conducting automated vulnerability scans, using the provided toolset, to identify any open vulnerabilities and ensure they are appropriately documented, tracked and remediated in the given timeframes. Present cybersecurity solutions to non More ❯

We're flexible! We're happy to receive applications in English or German. Your tasks: In this key role, you will take on professional responsibilities within the Cyber Security Management team, supporting departments in managing Cyber Detection and Protection measures, including Vulnerability Management, Security Information and Event Management (SIEM), Incident Management, and overseeing the Change … pragmatic solutions with a sense of proportion Knowledge of security-relevant technologies, methods, and procedures, as well as preferably familiarity with banking or derivatives exchange processes Proficient in Project Management and Stakeholder Management Methodical and goal-oriented approach to work, with the ability to work autonomously within a team setting Experience with Information Security Standards such as BSI More ❯

Required: Up to 10% Type of Travel: Continental US The Opportunity: Are you looking for a role that will impact protecting our Homeland Security? Do you thrive in Risk Management Framework? If yes, please keep reading! We are seeking a skilled and detail-oriented Senior Security Control Assessor and Validator to join our team. The successful candidate will be … responsible for evaluating, testing, and validating the effectiveness of security controls within our organization's information systems and networks, with a strong emphasis on applying the Risk Management Framework (RMF). Onsite position at Alexandria, VA for all 5 days! Responsibilities: The Security Control Assessor, you will be responsible for the following: Serve as senior member and representative of … Provide guidance, coaching and training to employees of assigned team. Provide the United States Coast Guard (USCG) with tailored documentation to support their security authorization. Independent assessor for Risk Management Framework Steps 0 to 7. Plan and execute security control assessments for various information systems within the organization. Develop and maintain assessment procedures and methodologies aligned with NIST guidelines More ❯

safeguard national interests What We're Looking For 1-3 years of practical experience in Cyber Security Good understanding of core security principles and tools Exposure to network security, vulnerability management, or risk assessments (preferred) Familiarity with security frameworks such as ISO 27001, NIST, or PCI DSS (preferred) Professional certifications like Security+, CEH, or CISSP are desirable Analytical … acting as an Employment Agency in relation to this vacancy. People Source specialise in technology recruitment across niche markets including Information Technology, Digital TV, Digital Marketing, Project and Programme Management, SAP, Digital and Consumer Electronics, Air Traffic Management, Management Consultancy, Business Intelligence, Manufacturing, Telecoms, Public Sector, Healthcare, Finance and Oil & Gas. More ❯

safeguard national interests What We're Looking For 1-3 years of practical experience in Cyber Security Good understanding of core security principles and tools Exposure to network security, vulnerability management, or risk assessments (preferred) Familiarity with security frameworks such as ISO 27001, NIST, or PCI DSS (preferred) Professional certifications like Security+, CEH, or CISSP are desirable Analytical … acting as an Employment Agency in relation to this vacancy. People Source specialise in technology recruitment across niche markets including Information Technology, Digital TV, Digital Marketing, Project and Programme Management, SAP, Digital and Consumer Electronics, Air Traffic Management, Management Consultancy, Business Intelligence, Manufacturing, Telecoms, Public Sector, Healthcare, Finance and Oil & Gas. More ❯

understand and be able to implement DoD RMF system accreditation processes. Assess use case and operational risk of integrated open source, and GOTS/COTS software components. Will use vulnerability management systems, automated security scanning tools, and system accreditation record systems. Must be able to grasp new concepts, facilitate information exchanges for data gathering, and collaborate with diverse … audiences. Will follow established processes where applicable, and establish and execute defensible processes where none are prescribed. Provide security planning, assessment, risk analysis, and risk management support. Recommend system-level solutions to resolve security requirements and guide the development team in meeting the security posture requirements. Support the Government in the enforcement of the design and implementation of trusted … inner workings of various software and system level applications. DoD 8570 compliance with IAT Level II (SSCP, Security+, CCNA-Security, or GSEC certification) Experience with DISA STIGs and SRGs, vulnerability management systems, mitigation and compliance processes, and reviewing results from automated security scanning tools. The ability to work independently and as part of a team is needed. Work More ❯

authentication mechanisms. Hands-on knowledge of information security technologies such as security design review, threat modeling, risk analysis, and software testing techniques. Hands-on experience with security testing tools, vulnerability management tools, and secure development environments. Excellent English written and verbal communication skills Ability to work with cross functional teams Preferred Qualifications: Experience with Linux, AOSP or RTOS …/C++ or Python Experience with software development methodologies, code reviews, and version control Knowledge of secure coding practices, including mitigating common vulnerabilities. Strong understanding of cryptographic algorithms, key management, and secure communication protocols Familiarity with embedded architectures, such as ARM and related security architecture LOCATION Remote, Italy. More ❯

Officer (ISSO) for a designated NAVAIR program. Manage day-to-day cybersecurity activities, including the oversight of less senior staff and their assigned responsibilities. Perform duties of the Risk Management Framework (RMF) ISSO role, including: Develop platform RMF authorization packages. Prepare/Update RMF documentation. Prepare IATTs and Use Case MFRs as required to support development and testing. Prepare … for CyberSafe authorization in parallel with the system authorizations. Establish Cybersecurity policies IAW security control implementations. Implement a Cybersecurity Plan. Perform asset and vulnerability management via VRAM reporting. Perform vulnerability assessments and system authorization activities through collaboration with SMEs (System Administrators, Network Admins, Lab Managers, Program Managers, and ISSMs). Perform system security assessments. Evaluate and report … software IAW DITPR/DADMS requirements. REQUIREMENTS 10 years of experience in Information Systems Security. Experience as an ISSO in the following areas: Risk Management Framework (RMF) processes. Cybersecurity/A&A tools (i.e., eMASS, eMASSter, STIG Viewer, SCAP Compliance Checker (SCC), VRAM, and Visio). IT Systems and Subsystems. Project Management. Written & Verbal Communications. Teamwork & Collaboration. Working on More ❯

8+ years of experience, or a Master's degree plus 6 years of experience. Python/Java programming Understanding of DevOps principles: CI/CD pipelines, GitOps, automation, configuration management, and IaC Familiar with Scaled Agile methodology Familiarity with security best practices, risk, compliance & vulnerability management, encryption & PKI, incident response, auditing and monitoring Proficiency in languages such … Solutions Architect preferred) and its services (including fundamental AWS networking), knowing Azure is a plus Containerization knowledge of Docker and Kubernetes Strong understanding of API Design, testing, development and management Tools: CI/CD tools: Gitlab, Nexus Managed Artifacts, AWS: AWS EKS, EC2, Lambda, S3, EBS/EFS, VPC, DNS, IAM, KMS, CloudWatch, CloudTrail Configuration management: Ansible, Terragrunt More ❯

Active Directory and create and modify Group Policy Objects. • Report on system uptime and SLA performance. • Audit server utilization. • Assist in building, coordinating, maintaining, changing, and updating, the Risk Management Framework (RMF) Assessment and Authorization (A&A) packages for the five enclaves administered by AFOSI. • Ensure that all application deliverables and systems comply with applicable DISA STIGs or Security … Horizon. • Experience administering servers in a virtualized production environment using VMWare vSphere 7.x or 8.x technology. • Experience with PowerShell for command line and scripting to include scripting for account management, patch deployment, software inventory, service control, and/or object attribute modification. • Experience installing, configuring, and maintaining servers with Microsoft Windows. • Experience with rack mounted or blade server hardware. … with backup and restore procedures, and disaster recovery planning. • Must have experience with RMF and applying STIGs. • Working knowledge of IT Systems Maintenance Compliance processes to include information assurance vulnerability management (IAVM). • Experience creating, reviewing, and revising security documentation and artifacts. • Strong understanding of network fundamentals to include TCP/IP and sub-nets desired. • Experience with More ❯

incidents. Perfect for someone who enjoys being in sole contributor and operating strategically and tactically. We're looking for candidates with experience in: Managing global security incidents at scale Vulnerability management and remediation programs Frameworks like NIST and MITRE ATT&CK Cloud security (Azure preferred) Reporting and communicating with both technical teams and senior stakeholders Comfortable working closely More ❯

implementing changes accordingly. Establish and develop solution architecture for IT security and end-user service domains, ensuring security is integrated into all aspects of the organisation's IT. Oversee vulnerability management and secure the design of IT services. Involvement in Monitoring, identification, resolution activities, and reporting of IT security KPI's and Incidents. Liaise with Data Protection Officer … in on-call and shift rotas. Attend training courses as identified and follow up with exams/qualifications if available. Implement IT Changes in line with the IT Change Management Procedure. Maintain high level of awareness in IT, Information, and Cyber Security and provide information and advice to others as necessary. Work with elevated account privileges and permissions in More ❯

You'll be at the heart of their SecOps function, helping to shape and improve their cyber capabilities. What they are looking for : Someone comfortable with SIEM, EDR, and vulnerability management tooling (Rapid7, CrowdStrike, Qualys etc.) Scripting and automation Strong foundational IT and networking knowledge Familiarity with patching solutions and email security tools A proactive mindset and good More ❯

Patching Lead in support of the Department of the Air Force (DAF) Enterprise IT as a Service (EITaaS) program. The successful candidate will be responsible for overseeing the patch management process across our organization using Microsoft Endpoint Configuration Manager. This role requires in-depth knowledge of MECM, Windows operating systems, and best practices in patch management and security. … On the EITaaS program, CACI will deliver enhanced capabilities and services to implement and operate an enterprise SIPR ITSM solution, enterprise service desk, endpoint management and security solution, as well as CONUS/OCONUS field support and life cycle support for end user devices to enable the DAF to transition focus from IT operations to mission operations. Responsibilities: Develop … implement, and maintain a comprehensive patch management strategy using MECM. Plan, schedule, and oversee the deployment of security updates, hotfixes, and service packs across the organization's IT infrastructure on the SIPR network to meet DAF mission requirement. Manage the entire application patching lifecycle, while tracking all relevant SLA/SLRs and provide reports as required. More About The More ❯

Type of Travel: None The Opportunity: CACI as a Prime Contractor on MWIII Bridge. All positions in Hanover, MD area. MWIII Bridge develops and supports Identity, Credential, and Access Management (ICAM) capabilities for the enterprise and stand-alone deployment throughout the IC. Tasks include program management, mission support, soft ware integration, soft ware development, system engineering, migration, testing … documentation development, network and system monitoring, configuration control and release management. Responsibilities: Provide Systems Engineering and Technical Support to the Identity Credential and Access Management (ICAM) for Zero Trust Implementation. The candidate must have the ability to understand and work with technologies including REST, Oracle/MySQL, MongoDB, PostgreSQL, JSON, XML, Docker, AWS, Nifi, Single Sign-On (OAuth and … experience as a SE in programs and contracts of similar scope, type and complexity is required. Bachelor's degree in System Engineering, Computer Science, Information Systems, Engineering Science, Engineering Management, or related discipline from an accredited college or university is required. DoD 8570 compliance with IAT Level I or higher is required if COR determines that the position's More ❯

major incidents to determine the affected/vulnerable systems, affected/vulnerable users Identify any business areas impacted and coordinate communications with all relevant stakeholders as per Major Incident Management process. Coordinate the remediation and containment activities as advised by either the NTT DATA SOC or Incident Response Team. Oversee, support, and manage through to completion the investigative and … Manager in review of any service delivery processes and workflows, identifying areas for optimization and implementing best practices. Co-ordinate the running and reporting of a risk-based vulnerabilities management including: Scanning systems, networks, and applications to detect potential security weaknesses. Prioritize vulnerabilities based on their risk level, potential impact, and the criticality of the affected assets, ensuring that … challenging projects and a work environment that supports the creation of tangible solutions that make an impact. You will need to have a broad experience of security service delivery management and have evidence of experience in a number of the following fields of expertise: At least 10 years of experience in providing technical support and advice for a Security More ❯

major incidents to determine the affected/vulnerable systems, affected/vulnerable users Identify any business areas impacted and coordinate communications with all relevant stakeholders as per Major Incident Management process. Coordinate the remediation and containment activities as advised by either the NTT DATA SOC or Incident Response Team. Oversee, support, and manage through to completion the investigative and … Manager in review of any service delivery processes and workflows, identifying areas for optimization and implementing best practices. Co-ordinate the running and reporting of a risk-based vulnerabilities management including: Scanning systems, networks, and applications to detect potential security weaknesses. Prioritize vulnerabilities based on their risk level, potential impact, and the criticality of the affected assets, ensuring that … challenging projects and a work environment that supports the creation of tangible solutions that make an impact. You will need to have a broad experience of security service delivery management and have evidence of experience in a number of the following fields of expertise: At least 10 years of experience in providing technical support and advice for a Security More ❯

experience may be considered in lieu of degree. Active DoD Top Secret clearance with SCI eligibility required DoD 8570 IAM II or IAT II certification Proficiency in PPSM Registry management, eMASS, and DISA DMZ Whitelist processes Demonstrable experience with network security, ports/protocols, firewalls, and boundary protection Experience in vulnerability management and assessment Understanding of network More ❯

do The Cyber Incident and Threat Analyst SME will lead, manage, and provide expert-level cyber threat intelligence (CTI) and cybersecurity triage and analysis to support incident response and vulnerability management operations. The team Deloitte's Government and Public Services (GPS) practice - our people, ideas, technology and outcomes-is designed for impact. Serving federal, state, & local government clients … implement transformational enterprise security programs with an emphasis on defending against, recovering from, and mitigating major cyberattacks. If you're seeking a career that increases cyber awareness, utilizes risk management programs, and develops strategies for cyber defense and response, then the Cyber SDR offering at Deloitte is for you. Qualifications Required: Bachelor's degree required Must be legally authorized More ❯

agile cybersecurity authorization that works closely with system administrators or developers early and throughout the development, testing, and implementation phases. Register the information system with appropriate organizational program/management offices. Establish and maintain security controls to protect information systems and data as identified in NIST 800-53 and CNSSI 12-53 as well as any other implemented requirements …/NNSA directives to identify potential impacts. Make recommendations for implementation of NNSA policy/guidance changes. Information System Security Manager (ISSM), Authorizing Official Designated Representative (AODR) and Program Management Requirements: Ensure that system, application and hardware authorization activities such as ISSPs, Risk Assessments, Security Baselines, etc. are completed in a timely and accurate manner. This includes initial authorization … approval upon approval from the ISSM. Maintain a knowledge of AO approved risk boundaries and risk tolerance. Update authorization documentation at organizationally defined frequency in accordance with the risk management objectives of the organization. Shall only approve operations that are covered within existing authorizations (instantiate). Ensure that all decisions made by the AODR will support the AO and More ❯

located near Wright-Patterson Air Force Base in Beavercreek, OH. We have earned national and regional awards in the Department of Defense for our proven IT, Engineering, and Program Management capabilities. We are committed to working with exceptional quality and professionalism to deliver excellence to our customers, while providing our employees with a stimulating and satisfying work environment as … maintain, and track system's cybersecurity baselines via eMASS or equivalent, IAW cybersecurity policies, guidance, and plans. Review, assess, create, and update enclave documentation in eMASS and any Configuration Management (CM) system for the ISSM review and approval such as: Security Plan, Security Assessment Plan, Category selection checklist, control results, and POA&Ms. Identify, collect, review, and maintain RMF …/revisions. Review and provide inputs to modification packages, program/system documents and support agreement updates, and communications and network infrastructure upgrades to ensure proper cybersecurity configuration modification management and planning support are implemented. Review system's test plans and test results and if necessary, observe system testing for security control implementation IAW cybersecurity policies, guidance, and plan. More ❯

identify emerging threats and vulnerabilities. Track and profile threat actors, malware campaigns, and attack techniques relevant to our industry and assets, participating in confidential security investigations. Collaborate with incident management, SOC, and security engineering teams to enhance detections and improve threat response effectiveness. Produce high-quality, actionable intelligence reports to inform stakeholders and support proactive security decisions. Enhance team … to reduce false positives and strengthen protections. Strong experience with SIEM solutions such as Splunk or Kibana. Proficiency in maintaining and troubleshooting IAM platforms, including SSO integration. Experience with vulnerability management and scanning solutions. Proficient with XDR platforms, ensuring continuous improvement in detection and response capabilities, including automation playbooks. Ability to plan and execute migration activities from legacy More ❯