ACAS Vulnerability Assessment Lead SME

About The Position

Requirements

• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
• IAM I – CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.
• 12 + years of experience in enterprise vulnerability assessment and compliance scanning using ACAS, Tenable, and Nessus across multi‑domain environments.
• Strong problem‑solving and decision‑making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end‑users to executive management).

Responsibilities

• Directs enterprise vulnerability assessment operations using the Assured Compliance Assessment Solution (ACAS), Tenable Security Center, and Nessus scanning infrastructure to protect DoW mission systems across both unclassified and classified networks.
• Operates and sustains Tenable Security Center and Nessus scanning infrastructure to deliver continuous monitoring aligned with Risk Management Framework objectives and DoW guidance.
• Designs and configures credentialed vulnerability and compliance scans across virtualized, cloud, and on premise environments including VMware, Windows Server, Red Hat Enterprise Linux, container platforms, and network appliances.
• Develops and maintains custom scan policies, STIG and SRG compliance profiles, authenticated scanning credentials, and asset tagging structures aligned to mission criticality and operational risk.
• Analyzes vulnerability findings, validates results, performs risk categorization, and correlates findings with IAVA notifications, patch cycles, and configuration baselines.
• Coordinates remediation activities with system administrators, network engineers, and cybersecurity teams using ServiceNow, Jira, and SharePoint to track corrective actions and evidence closure.
• Produces authoritative vulnerability assessment reports, compliance dashboards, and executive summaries supporting Authorizing Officials, Senior Information Security Officers, and Combatant Command stakeholders.
• Maintains scanning infrastructure availability through lifecycle management, scanner updates, plugin maintenance, and performance tuning.
• Supports audit readiness, continuous monitoring reviews, and authorization decisions through traceable documentation and defensible reporting.
• Delivers measurable improvements in security visibility, vulnerability remediation velocity, and cyber resilience while advancing program values of mission assurance, operational readiness, accountability, and information advantage.
• Performs other duties as assigned.