D-SIL Vulnerability Management Engineer

About The Position

Requirements

• Education: Bachelor's degree
• This position requires a US Citizenship.
• Must possess an active Secret clearance with eligibility for upgrade to Top Secret (TS)
• Must possess DoD 8570 IAT Level II and DoD 8140 CSSP Auditor compliant certifications.
• Position may require up to 25% travel as needed
• OCONUS travel may be required
• Strong Scripting & Automation: Proven experience building and maintaining automation and data integration pipelines, primarily using Python and APIs.
• Vulnerability Management Tools: Hands-on experience administering an enterprise-scale vulnerability management solution, with a strong preference for Tenable/ACAS.
• Linux Proficiency: Proficiency in a Linux command-line environment with the ability to perform intermediate troubleshooting of applications, services, and connectivity issues.
• Data Integration: Demonstrated experience integrating security tool data into a SIEM (e.g., Splunk, Elastic Stack) or other data analytics platform.
• Risk Analysis: Strong understanding of risk-based vulnerability prioritization using frameworks like CVSS.
• Communication: Strong written and verbal communication skills with the ability to translate complex technical data into clear, actionable insights.

Nice To Haves

• Experience with data visualization and dashboard development in platforms like Elastic/Kibana, Power BI, or similar.
• Familiarity with container technologies (Docker, Kubernetes) and container security principles.
• General knowledge of virtualization concepts (VMware ESXi).
• Familiarity with security standards and frameworks such as NIST.
• Experience with ticket management systems like Jira.

Responsibilities

• Service Ownership & Platform Health: Own the ACAS service, ensuring the platform's health, availability, and performance. Troubleshoot application-level issues, and coordinate with operations teams for deeper infrastructure support when necessary.
• Data Pipeline & Automation Engineering: Design, build, and maintain scripts and automation for data ingestion, enrichment, and correlation. Engineer resilient data pipelines to extract vulnerability data from ACAS, container scanning solutions, and other sources.
• SIEM Integration: Architect and manage the seamless flow of vulnerability data into the enterprise SIEM. Ensure data is properly parsed, indexed, and structured to enable analysis for the security operations team.
• Reporting & Visualization: Gather and consolidate vulnerability findings for the enterprise network and its customers. Develop and automate the delivery of metrics, advisories, and trend analysis. Build and maintain actionable dashboards that provide stakeholders with a clear, risk-prioritized view of their security posture.
• Stakeholder Collaboration: Act as the subject matter expert for vulnerability data. Provide risk-based assessments and clear intelligence to system owners and the CSSP to inform and prioritize remediation activities.
• Process & Documentation: Produce and maintain clear, audit-ready documentation for the vulnerability management service, data flows, and all custom-built integrations.

Benefits

• RMC differentiates itself from other firms through its investment in our employees. We invest our resources to train, certify, educate, and build our employees.
• RMC can offer you a great place to work with a small company feel and give you the experience, tuition assistance, and certifications that will take your career to the next level.
• This also includes a competitive paid vacation package with 11 paid federal holidays.
• Additionally, we also offer high-quality, low-deductible healthcare plans, pet insurance, and a competitive 401K package.