Lead Enterprise Scanning Engineer

About The Position

Requirements

• Bachelor’s degree and a minimum of 9 years of relevant experience; 7 years with a Masters.
• An additional 4 years of experience will be considered in lieu of degree/education.
• Possess and maintain, or be able to obtain before start date, one of the following professional certifications.
• CCNA-Security
• CND
• CySA+
• GICSP
• GSEC
• Security+ CE
• SSCP
• Experience assessing systems and networks to identify where systems/networks deviate from acceptable configurations and standards.
• Experience executing enterprise-wide both operating system and application compliance verification, vulnerability assessments, on-site security assessments, web, and database vulnerability scanning, and scanning of other IT assets.
• U.S Citizenship required.
• Active Secret clearance.
• Ability to obtain Top Secret clearance.

Responsibilities

• Lead a team of Enterprise Scanning Engineers responsible for vulnerability, compliance, web application, and database scanning.
• Mentor and provide guidance to team members, fostering a collaborative and growth-oriented environment.
• Develop and implement a comprehensive enterprise scanning strategy to ensure timely identification, assessment, and remediation of vulnerabilities across the Department's systems and networks.
• Oversee the execution of enterprise-wide operating system and application compliance verification, on-site security assessments, web, and database vulnerability scanning, and scanning of other IT assets.
• Monitor emerging security threats and vulnerabilities and develop appropriate mitigation strategies in collaboration with relevant stakeholders.
• Prepare and present regular reports on the effectiveness of the Department's security policies, the potential impact of new vulnerabilities upon discovery, and the effectiveness of measures taken to eliminate them.
• Communicate effectively with various stakeholders, including system owners, administrators, and management, to ensure timely remediation of identified vulnerabilities and compliance issues.
• Perform regular vulnerability scans across the Department's systems and networks, identifying deviations from acceptable configurations and standards.
• Evaluate and prioritize identified vulnerabilities based on potential impact and risk and recommend remediation strategies and solutions.
• Collaborate with system owners and administrators to address identified vulnerabilities and ensure timely remediation.
• Execute enterprise-wide operating system and application compliance verification, assessing adherence to established security policies and best practices.
• Develop security baseline configuration compliance and vulnerability scan policies for Department-hosted operating system platforms (e.g., Windows, UNIX, Linux, Cisco, Juniper, etc.).
• Prepare audit reports identifying technical and procedural findings, providing recommended remediation strategies and solutions.
• Conduct web application vulnerability scanning to identify potential security risks and weaknesses in web applications and services.
• Collaborate with web developers and application owners to address identified vulnerabilities and ensure the implementation of secure coding practices.
• Monitor emerging web application vulnerabilities and threats and recommend appropriate mitigation strategies.
• Perform database vulnerability scanning to identify potential security risks and weaknesses in database management systems and configurations.
• Collaborate with database administrators to address identified vulnerabilities and ensure the implementation of secure database practices.
• Monitor emerging database vulnerabilities and threats and recommend appropriate mitigation strategies.
• Establish a queue management function to meet the Department's vulnerability management support service needs.
• Track and report on service request metrics, such as ticket volume, ticket volume by category, response time, and resolution time by category.
• Analyze the organization's cyber defense policies and configurations, evaluating compliance with regulations and organizational directives.
• Maintain a list and schedule of all Information Systems (IS) requiring Enterprise Scanning (ES) assessments to support continuous monitoring and expeditious processing of ES assessments.
• Develop, update, and maintain System Design and Operations documentation