Urgent and immediate opportunity for a REMOTE SW Vulnerability Technical Lead/Manager to join our client's team to support a long-term government contract. The selected candidate will have a Secret Clearance, Security+ certification, and 7-10 years of IT/Cybersecurity experience, specifically with management and operations of Static, Dynamic, open source, and web vulnerability scanning; and/or manual review of source code for vulnerabilities.
Responsibilities Include:
- Serve as the Technical Lead for Software Vulnerability Management Suite of Tools and daily operations
- Serve as a Line Manager for staff supporting Cybersecurity Software Vulnerability Management Suite of Tools (Sonatype, Fortify, WebInspect, Burp, etc.), ranging from a staff of 1 to 5 staff members over the life of the contract
- Manage/oversee and/or directly perform analyst and engineering duties. Provide surge support when the assigned analyst and engineer need to meet daily operations objectives
Analyst Functions:
- POA&Ms
- Maintain a POA&M inventory of applications
- Review POA&M submissions, evaluate compliance, non-compliance, N/As, and false positives and prioritize recommendations for the development team.
Engineering Functions:
- Implement any necessary REST APIs to provide access to core features for custom implementations as required to meet the organization's needs
- Support DevSecOps integration
- Provide SAST Product suite installation, configuration and tuning
- Manage external data feeds integration (Dynamic Application Security Testing, Static Application Security Testing, Open Source Vulnerability Scanner, etc.) into the Security Center
Vendors:
- Conduct security evaluations of recommended vendor software for the enterprise
- Collaborate with AppSec tool suite vendors.
Reports/Metrics/Documentation:
- Collaborate with leadership to develop metrics based on enterprise situational awareness and monitoring
- Provide Central Application Vulnerability Management (CAVM) performance metrics
- Track, measure and evaluate application security compliance across the enterprise
Security/Certification Requirements:
- Must be a US Citizen and possess a Secret Clearance (Top Secret preferred - candidate must be willing to upgrade to TS)
- Minimum CompTIA Security+ Certification, but MUST be willing to obtain one of the following certifications: CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH.
Qualifications Required:
- Bachelor's degree and 10+ years of Information Technology or Cybersecurity related experience
- 5+ years of experience as an application developer
- 3+ years of experience with management and operations of Static, Dynamic, open source, and web vulnerability scanning; and/or manual review of source code for vulnerabilities.
- Experience managing and integrating SAST, DAST, OAST, IAST, and RAST with Central Application Vulnerability Management (CAVM) Solution
- Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders
- Capacity to thrive in a complex, fast-paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions
- Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk
- Knowledge of DoD cybersecurity policies, practices, and requirements
- Strong organizational skills
Springfield, VA
1
Monday, March 28, 2022
Contract/Temp to Hire
6 months CTH
Tuesday, February 15, 2022