Vulnerability Management Lead Engineer
Company: ECS
Location: Fairfax, VA 22030
Description:
ECS is seeking a Vulnerability Management Lead Engineer to work in our Fairfax, VA office.
ECS is seeking talented professionals to join our successful and growing team in building the next-generation Continuous Diagnostics and Mitigation (CDM) Cyber data solution. The CDM Program is the Cybersecurity and Infrastructure Security Agency's (CISA) dynamic approach to strengthening the cybersecurity of Federal networks and systems through better awareness and visibility into their security posture and cyber threats. ECS is responsible for designing, building, deploying, operating, and maintaining a complete 'Data Services' solution which includes the collection, normalization, visualization, and sharing of cyber data from more than 100 Federal agencies. The CDM Data Services product is an integrated suite of multiple Commercial Off the Shelf (COTS) products, software configuration packages, and custom code which work together to operate as an integrated solution tailored to meet Department of Homeland Security (DHS) requirements.
We are seeking professionals who thrive in a dynamic, fast-paced, and highly collaborative environment where problem-solving, critical thinking, and a holistic approach to serving the mission are key. Our program operates within the Scaled Agile Framework (SAFe). An aptitude and enthusiasm for continuous learning, improvement, and cybersecurity are a must!
As the Vulnerability Management Lead Engineer, you will be responsible for developing and implementing a comprehensive vulnerability management strategy for CDM Data Services. You will work with a team of engineers in identifying, prioritizing, and mitigating vulnerabilities across our codebase and infrastructure, ensuring the security and integrity of our software development lifecycle. Your expertise will be instrumental in shaping our vulnerability management practices and ensuring compliance with government standards and regulations. Specific responsibilities include but are not limited to:
- Develop and Implement Vulnerability Management Strategy: Create and execute a comprehensive vulnerability management strategy that aligns with industry best practices and regulatory requirements.
- Vulnerability Scanning and Identification: Collaborate with the compliance and engineering teams to identify and prioritize vulnerabilities through regular scanning and analysis of our codebase.
- Vulnerability Prioritization and Mitigation: Work with the compliance and engineering teams to prioritize and mitigate vulnerabilities based on risk and business impact.
- Compliance and Governance: Ensure compliance with industry standards and regulations, such as OWASP, NIST, and CMMC.
- Knowledge Sharing and Collaboration: Share knowledge and best practices with the engineering team and other stakeholders to promote a culture of security and vulnerability management.
- Stakeholder Management: Communicate vulnerability management strategies and progress to senior leadership, engineering teams, and other stakeholders.
- Process Improvement: Continuously evaluate and improve vulnerability management processes to ensure they are efficient, effective, and aligned with industry best practices.
- US citizenship with ability to obtain Public Trust Suitability
- Bachelor's Degree or equivalent additional experience
- 5-10+ years of experience in vulnerability management, security engineering, or a related field
- Strong knowledge of vulnerability management frameworks, such as OWASP and NIST
- Experience with vulnerability scanning tools, such as Nessus, Qualys, or Burp Suite
- Experience with cloud-based platforms, such as AWS or Azure
- Excellent communication and stakeholder management skills
- Ability to work in a fast-paced, agile environment
- Certifications in security-related fields, such as CompTIA Security+ or CISSP, are a plus