Amentum
Vulnerability Assessment Team Lead IRES - HSV
Amentum, Huntsville, Alabama, United States, 35824
Vulnerability Assessment Team Lead IRES - HSV
Position Title: Vulnerability Assessment Team Lead
Location:
Redstone Arsenal, Huntsville, AL
Relocation Assistance:
None available at this time
Remote/Telework:
NO - Not available for this position
Clearance Type:
DoD Secret
Shift:
Day shift (Mon-Fri)
Travel Required:
Up to 25% of the time
Description of Duties:
The
Vulnerability Assessment Team Lead
supports the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract. The candidate will:
Provide Subject Matter Expert oversight and guidance on the MDA Cybersecurity Service Provider - Computer Emergency Response Team’s (MDA CSSP-CERT’s) Vulnerability Assessment Program and serve as the primary POC for customer decision points.Analyze correlated asset, threat, and vulnerability data against known adversary exploits and techniques to determine impact and improve network defensive posture.Develop, instruct, and evaluate a Vulnerability Assessment Analyst Training Plan in support of training and mentoring Junior, Mid, and Senior Vulnerability Assessment Analysts.Support the development, establishment, review and update of Defensive Cyberspace Operations (DCO) procedures, processes, manuals, and other documentation.Provide standardized and targeted training in support of MDA CSSP-CERT Subscriber vulnerability management programs.Coordinate with MDA CSSP-CERT Subscribers to notify, investigate, and remediate discrepancies with ACAS, ESS, or other compliance information.Assist with host-based security solutions across the enterprise utilizing Trellix Endpoint Security Solutions (ESS), to include: anti-malware, Endpoint Security (ENS), data loss prevention, and rogue system detection.Perform DCO / CSSP duties outlined in Evaluator Scoring Metrics (ESM).Perform cybersecurity duties on customer networks (proactively and reactively) to improve enterprise-wide security posture.Perform and analyze vulnerability scans, data trending, and reporting utilizing Assured Compliance Assessment Solution (ACAS / Nessus) scanning tool.Perform and analyze network security threat and impact assessments.Perform assessments of systems and networks, and identify where those systems and/or networks deviate from acceptable configurations, enclave policy, or local policy.Measure effectiveness of defense-in-depth architecture against known vulnerabilities.Review data of ongoing intrusions or cybersecurity incidents and report, analyze, and document/report the findings in accordance with CJCSM 6510.01B guidelines.Support Incident Response across the MDA Enterprise IAW DoD regulations and instructions.Lead cyber event and incident investigations from start to conclusion, to include gathering data, analysis, and reporting.Create, update, and manage queries and dashboards pertaining to ESS, ACAS, and related security tools.
Basic Requirements:
Must have one of the following combinations of education and experience: HS Diploma (or GED) and 10 years of general experience; Associate’s degree and 8 years of general experience; Bachelor’s degree and 6 years of general experience; Master’s degree and 4 years of general experience.Must have 8 years of direct experience in applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing and/or preparing audit reports that identify technical and procedural findings, and providing recommended remediation strategies and solutions.Must have 4 years’ experience in management or leadership in a team environment.Must have a DoD 8570.01-M IAT Level II certification with Continuing Education (CE) - (CCNA Security, CySA+, GICSP, GSEC, Security+ CE, C|ND, SSCP).Must have, or be able to obtain, a DoD 8570.01-M IAM Level III certification with Continuing Education (CE) - (CISM, CISSP (or Associate), GSLC, or C|CISO).Must have, or be able to obtain, a DoD 8570.01-M CSSP Auditor certification with Continuing Education (CE) - (C|EH, CySA+, CISA, GSNA, CFR, PenTest+).Must have an active DoD SECRET Security Clearance.
Desired Requirements:
Have a Master's degree, or higher, in Cybersecurity, Computer Science, or related field.Have experience configuring and performing scans ACAS / Nessus.Have a background in configuration, troubleshooting, policy development, and deployment of host-based security (ESS preferred).Be able to mentor and train personnel in an evolving and high-paced environment.Be familiar with DoD Security Operations Centers (SOCs) (aka CSSP).Be familiar with DCO / CSSP-guiding security policies and procedures.Have an active DoD TOP SECRET Security Clearance.
This position is expected to pay
$155,000 - $180,000
annually; depending on experience, education, and any certifications that are directly related to the position.#J-18808-Ljbffr
Position Title: Vulnerability Assessment Team Lead
Location:
Redstone Arsenal, Huntsville, AL
Relocation Assistance:
None available at this time
Remote/Telework:
NO - Not available for this position
Clearance Type:
DoD Secret
Shift:
Day shift (Mon-Fri)
Travel Required:
Up to 25% of the time
Description of Duties:
The
Vulnerability Assessment Team Lead
supports the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract. The candidate will:
Provide Subject Matter Expert oversight and guidance on the MDA Cybersecurity Service Provider - Computer Emergency Response Team’s (MDA CSSP-CERT’s) Vulnerability Assessment Program and serve as the primary POC for customer decision points.Analyze correlated asset, threat, and vulnerability data against known adversary exploits and techniques to determine impact and improve network defensive posture.Develop, instruct, and evaluate a Vulnerability Assessment Analyst Training Plan in support of training and mentoring Junior, Mid, and Senior Vulnerability Assessment Analysts.Support the development, establishment, review and update of Defensive Cyberspace Operations (DCO) procedures, processes, manuals, and other documentation.Provide standardized and targeted training in support of MDA CSSP-CERT Subscriber vulnerability management programs.Coordinate with MDA CSSP-CERT Subscribers to notify, investigate, and remediate discrepancies with ACAS, ESS, or other compliance information.Assist with host-based security solutions across the enterprise utilizing Trellix Endpoint Security Solutions (ESS), to include: anti-malware, Endpoint Security (ENS), data loss prevention, and rogue system detection.Perform DCO / CSSP duties outlined in Evaluator Scoring Metrics (ESM).Perform cybersecurity duties on customer networks (proactively and reactively) to improve enterprise-wide security posture.Perform and analyze vulnerability scans, data trending, and reporting utilizing Assured Compliance Assessment Solution (ACAS / Nessus) scanning tool.Perform and analyze network security threat and impact assessments.Perform assessments of systems and networks, and identify where those systems and/or networks deviate from acceptable configurations, enclave policy, or local policy.Measure effectiveness of defense-in-depth architecture against known vulnerabilities.Review data of ongoing intrusions or cybersecurity incidents and report, analyze, and document/report the findings in accordance with CJCSM 6510.01B guidelines.Support Incident Response across the MDA Enterprise IAW DoD regulations and instructions.Lead cyber event and incident investigations from start to conclusion, to include gathering data, analysis, and reporting.Create, update, and manage queries and dashboards pertaining to ESS, ACAS, and related security tools.
Basic Requirements:
Must have one of the following combinations of education and experience: HS Diploma (or GED) and 10 years of general experience; Associate’s degree and 8 years of general experience; Bachelor’s degree and 6 years of general experience; Master’s degree and 4 years of general experience.Must have 8 years of direct experience in applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing and/or preparing audit reports that identify technical and procedural findings, and providing recommended remediation strategies and solutions.Must have 4 years’ experience in management or leadership in a team environment.Must have a DoD 8570.01-M IAT Level II certification with Continuing Education (CE) - (CCNA Security, CySA+, GICSP, GSEC, Security+ CE, C|ND, SSCP).Must have, or be able to obtain, a DoD 8570.01-M IAM Level III certification with Continuing Education (CE) - (CISM, CISSP (or Associate), GSLC, or C|CISO).Must have, or be able to obtain, a DoD 8570.01-M CSSP Auditor certification with Continuing Education (CE) - (C|EH, CySA+, CISA, GSNA, CFR, PenTest+).Must have an active DoD SECRET Security Clearance.
Desired Requirements:
Have a Master's degree, or higher, in Cybersecurity, Computer Science, or related field.Have experience configuring and performing scans ACAS / Nessus.Have a background in configuration, troubleshooting, policy development, and deployment of host-based security (ESS preferred).Be able to mentor and train personnel in an evolving and high-paced environment.Be familiar with DoD Security Operations Centers (SOCs) (aka CSSP).Be familiar with DCO / CSSP-guiding security policies and procedures.Have an active DoD TOP SECRET Security Clearance.
This position is expected to pay
$155,000 - $180,000
annually; depending on experience, education, and any certifications that are directly related to the position.#J-18808-Ljbffr