Vulnerability and Application Scanning Lead

Role: Vulnerability and Application Scanning Lead

Location: Fort Knox, KY OR Remote Work

Education/Certifications: MA/MS preferred; Security+; IAT Level III certifications; Computing Environment Certifications

Years of Experience: 10+

Clearance Level & Investigation: Secret

IA Cert Level (DoD 8570.01): IAT Level III (CISSP, GASP+, GCED, or GCIH recommended)

Computing Environment Certifications: Required

Job Description:

Qualifications:

• Serves as Vulnerability and Application Scanning Lead with experience in performing correlation and scanning of application code (Java, .Net, etc.) with Government provided tools and other prescribed Cybersecurity tools to analyze risk and assess compliance across all systems, applications, and authorization boundaries.
• Provides mitigation and remediation strategies to application developers to address vulnerabilities in code.
• Uses current information security technology disciplines and practices to ensure the confidentiality, integrity, and availability of corporate information assets in accordance with established standards and procedures.
• Develops and maintains knowledgebase on changing regulatory, threat, and technology landscapes to continually develop or maintain security policies and standards, and ensure compliance throughout the organization.

Specific Responsibilities:

• Support execution of contract transition to ensure minimum service disruption to vital business and no service degradation during and after transition; ensure continuity of services while helping onboard personnel and jointly inventory intellectual and real property.
• Perform enterprise-wide risk analysis and vulnerability assessments to assess the command security posture.
• Coordinates and develops recommendations on Cybersecurity incident response, mitigation, remediation actions, or risk determination to protect command information systems from damage, destruction, or alteration IAW all required regulations and directives.
• Performs scans of all static code across all Customer systems and applications with the Government-approved tool.
• Complies with statutory and regulatory requirements supporting boundary authorizations IAW RMF.
• Delivers recommendations and reports as required.
• Provide recommendations and perform logging, correlation, and scanning with provided Government and Cybersecurity tools (Assured Compliance Assessment Solution (ACAS) and Army Endpoint Security System (AESS)).
• Analyze and correlate risk impact and compliance across all Customer systems, applications, and authorization boundaries.
• Provides surge support, technical guidance, and expertise in the areas of Cybersecurity to support Customer, Mission Partners, IMOs, ISSOs, IS Owners, Software Developers, Network System, and Database Administrators IAW all related cyber regulations and directives; provide results in reports, briefs, and deliverables as required to the appropriate Government representative.
• Provide Cybersecurity surge support in the event of real world or additional requirements in support of RMF compliance checks and documentation review across authorization boundaries, including, but not limited to:
  • Perform security review preparation for all security controls associated with RMF applicable to an assigned authorization boundary based upon the Confidentiality, Integrity, or Availability designation.
  • Perform on site or off-site reviews of all information systems to audit and validate compliance with associated security controls.
  • Perform as reviewers of audit teams during inspections, assessments, evaluations, audits, etc.
  • Provide reports to the assigned Government representative as required.
  • Provide reviews, validation, and deliverable efforts in support of compliance or non-compliance IAW CCI, STIGs and SRGs for each finding or vulnerability IAW RMF.
  • Provide embedded Cybersecurity support across Customer or other supported organizations as required.