Job Description

Overview:

Designs and develops new systems, applications, and solutions for external customer's enterprise-wide cyber systems and networks. Ensures system security needs established and maintained for operations development, security requirements definition, security risk assessment, systems analysis, systems design, security test and evaluation, certification and accreditation, systems hardening, vulnerability testing and scanning, incident response, disaster recovery, and business continuity planning and provides analytical support for security policy development and analysis. Integrates new architectural features into existing infrastructures, designs cyber security architectural artifacts, provides architectural analysis of cyber security features, and relates existing system to future needs and trends, provides engineering recommendations, and resolves integration and testing issues. Help to d efine, implement, and manage Vulnerability Management Program through the identification and analysis of known and newly found vulnerabilities to determine their operational and security impact. Address vulnerabilities found through remediation recommendations, vulnerability alerts and vulnerability bulletins. This task area requires technical knowledge in computer network theory, IT standards and protocols, as well as an understanding of the lifecycle of cyberspace threats, attack vectors, and methods of exploitation. May interface with external entities including law enforcement, intelligence and other government organizations and agencies.

Qualifications:

The ideal candidate will have at least seven (7) years of IT knowledge and demonstrated hands-on experience in cyber security. Experience working with cross-functional teams (i.e., engineering, operations, and cybersecurity).

You will support the security operations related to the following areas:
* Knowledgeable and deep understanding of vulnerability and risk management.
* Strong verbal and written communication skills required, and problem-solving ability.
* Experience with Tenable.sc/Nessus vulnerability scanning and reporting.
* Ability to articulate raw vulnerability and audit data into executive reports.
* Experience with BigFix or equivalent patch management software.
* Understanding of Splunk or equivalent SEIM / Log Aggregationtool.
* Familiar with attack and exploitation techniques involving operating systems, applications, and devices.
* Experience in configuration management with STIG/SCAP compliance baselines for windows, mac, Linux.
* Knowledgeable of NIST SP 800-53 security and privacy controls.
* Knowledgeable of FISMA reporting requirements.
* Experience with CSAM or equivalent security assessment reporting tool.
* Experience with Incident Response Team (IR/IRT) troubleshooting, root cause analysis and remediation verification.
* Ability to successfully accomplish tasks with minimal oversight and management.
* Familiar with FedRAMP for IaaS, PaaS, SaaS.
* Knowledgeable of Identity Management, ICAM/IDAM and authorization, least privilege, and reducing unauthorized elevated access.
* Understanding of Firewalls to include basic networking, sub-netting, IDS, NAT, ACL's.

Required Certification:

* CISSP

Desired Certifications:

* CCSP
* CEH
* ITIL Foundations Certification (v3/v4), or ability to obtain certification within 3 months.

Education:

Bachelor's Degree in Business, Engineering, Computer Science, Information Systems, or Social Science or minimum 7 years of experience in lieu of degree

Job Responsibilities:

* Perform scheduled and planned and ad-hoc vulnerability scanning, determine remediation options and track remediation to completion.
* Perform and automate both vulnerability and compliance scans using industry-standard vulnerability scanning software.
* Develop remediation and mitigation guidance to include vendor-supplied remediation's, mitigating actions to reduce risk, and actions to address vulnerabilities.
* Provide technical leadership to the vulnerability management program, including developing and managing remediation activities.
* Assist with the development and implementation of strategies to enhance and mature the vulnerability management program.
* Lead efforts in providing responses to quarterly FISMA reports.
* Track and provide vulnerability metrics and compliance.
* Provide oversight for the remediation of vulnerabilities on the internal team's servers.
* Create, maintain, and mature vulnerability management standard operating procedures (SOPs) and associated documentation.
* Create and track and provide status of plan of actions and milestones (POAMs) from submission through remediation.
* Analyze and help prioritize vulnerabilities to help the business understand the security impacts.
* Collaborates with end users, infrastructure support teams and other contractors to define and measure security policy and standards across the customer's environment.
* Inspires and fosters confidence in others with ability to effectively communicate with various customercommunitiesto understand their needs and provide them guidance on how to best protect them through your observations and recommendations.
* Interfaces directly with the government customer's technical security teams to collect, integrate, interpret, and report using various tools to demonstrate risk, and advise stakeholders on a course of action.
* Maintain documentation repositories related to vulnerability management for use by internal staff and technical stakeholders .
* Provides guidance to the Event Detection and Incident Responseefforts through policy development and identification of weaknesses in the program.
* Supports the customer's business activities related risk identification and measurement systems within various technical and usage boundaries.

The likely salary range for this position is $96,000 - $144,000, this is not, however, a guarantee of compensation or salary; rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:
40

Travel Required:
None

T elecommuting Options:
Some Telecommuting Allowed

Work Location:
USA LA Bossier City

Additional Work Locations:
Any Location / Remote

Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.nnGDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.

PI130734967