SW Vulnerability Technical Lead/Manager (REMOTE)


Urgent and immediate opportunity for a REMOTE SW Vulnerability Technical Lead/Manager to join our client's team to support a long-term government contract. The selected candidate will have a Secret Clearance, Security+ certification, and 7-10 years of IT/Cybersecurity experience, specifically with management and operations of static, dynamic, open source, and web vulnerability scanning, and/or manual review of source code for vulnerabilities.

Responsibilities Include:

- Serve as the Technical Lead for Software Vulnerability Management Suite of Tools and daily operations
- Serve as a Line Manager for staff supporting Cybersecurity Software Vulnerability Management Suite of Tools (Sonatype, Fortify, WebInspect, Burp, etc.), ranging from a staff of 1 to 5 staff members over the life of the contract
- Manage/oversee and/or directly perform analyst and engineering duties. Provide surge support when the assigned analyst and engineer need to meet daily operations objectives

Analyst Functions:

POA&Ms:
- Maintain a POA&M inventory of applications
- Review POA&M submissions, evaluate compliance, non-compliance, N/As, and false positives, and prioritize recommendations for the development team.

Engineering Functions:
- Implement any necessary REST APIs to provide access to core features for custom implementations, as required to meet the organization's needs
- Support DevSecOps integration
- Provide SAST Product suite installation, configuration and tuning
- Manage external data feeds integration (Dynamic Application Security Testing, Static Application Security Testing, Open Source Vulnerability Scanner, etc.) into the Security Center

Vendors:
- Conduct security evaluations of recommended vendor software for the enterprise
- Collaborate with AppSec tool suite vendors.

Reports/Metrics/Documentation:
- Collaborate with leadership to develop metrics based on enterprise situational awareness and monitoring
- Provide Central Application Vulnerability Management (CAVM) performance metrics
- Track, measure and evaluate application security compliance across the enterprise

Required Skills


Security/Certification Requirements:
- Must be a US Citizen and possess a Secret Clearance (Top Secret preferred - candidate must be willing to upgrade to TS)
- Minimum CompTIA Security+ certification, but MUST be willing to obtain one of the following certifications: CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH.

Qualifications Required:
- Bachelor's degree and 10+ years of Information Technology or Cybersecurity related experience
- 5+ years of experience as an application developer
- 3+ years of experience with management and operations of Static, Dynamic, open source, and web vulnerability scanning; and/or manual review of source code for vulnerabilities.
- Experience managing and integrating SAST, DAST, OAST, IAST, and RAST with Central Application Vulnerability Management (CAVM) Solution
- Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders
- Capacity to thrive in a complex, fast-paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions
- Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk
- Knowledge of DoD cybersecurity policies, practices, and requirements
- Strong organizational skills

- Location: Springfield, VA
- Openings: 1
- Anticipated Start Date: Monday, March 28, 2022
- Job Type: Contract/Temp to Hire
- Anticipated Duration: 6 months CTH
- Date Posted: Tuesday, February 15, 2022

Call 800-ELITE-50
Reference #10404

Elite Technical Services, Inc. participates in the E-Verify program to confirm the employment eligibility of all persons hired. This means that we will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee's Form I-9 to confirm work authorization. Elite Technical Services, Inc. will not use E-Verify to pre-screen job applicants.

Elite Technical Services, Inc. is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.