Risk-Based Asset Management Lead (RBAM)

Skyward IT Solutions
Maryland, MD
Remote

About The Position

We are seeking a Risk-Based Asset Management Lead (RBAM) to oversee Vulnerability Management, Configuration Management, and Database Management as an integrated practice. This role will partner with the Risk Management Program to prioritize and fix high-impact risks. The ideal candidate has experience scaling vulnerability programs, hardening databases, and briefing senior leadership. This is a contingent hire based on contract award.

Requirements

  • Bachelor’s degree in Information Systems / Information Technology, Computer Science, Computer Engineering, Electrical Engineering, related field, or technical degree — or 4 years of relevant experience in lieu of a degree.
  • An active CASP, GSEC, GSLC, CISSP, CEH, CISM, CISA, or comparable cybersecurity certification.
  • An active Agile certification: PMI-ACP, SAFe Agilist, CSM, or comparable.
  • Minimum 7 years of total professional experience, with at least 5 years of technical experience in either: (a) overseeing and managing vulnerability remediation for enterprise environments, or (b) establishing, managing, and enforcing configuration baselines across diverse IT environments — ideally both.
  • In-depth, working knowledge of CVE, CVSS, NVD, and the CISA KEV catalog.
  • Ability to prioritize and explain prioritization to a non-technical audience.
  • Deep understanding of Configuration Management principles as defined in NIST SP 800-128.
  • Strong, hands-on knowledge of system and database hardening best practices using DISA STIGs and CIS Benchmarks.
  • Familiarity with remediation across Windows, Linux, network devices, containerized environments, and cloud platforms (AWS, Azure, Google).
  • Hands-on experience implementing and operating SIEM tools — specifically Splunk dashboarding and reporting (creating and modifying dashboards, not just consuming them).
  • Experience with enterprise ticketing in ServiceNow, including building/altering workflows and reports.
  • Proficiency in scripting and automation: Python, PowerShell, Bash, and Splunk Search Processing Language.
  • Familiarity with DevSecOps and CI/CD pipeline development — enough to embed security baselines into pipelines and image-hardening processes.
  • Ability to incorporate security configuration baselines into CM processes and enforce through OS image hardening, automation, and audit.
  • Extensive hands-on experience with a wide range of database technologies, including Relational (Oracle, PostgreSQL, MySQL, MS SQL), NoSQL (MongoDB), and Cloud-native (Amazon RDS, Azure SQL, DynamoDB).
  • Ability to assess and secure both on-premises and cloud-hosted database environments.
  • Experience implementing and managing audit logging, data masking, and encryption mechanisms.
  • Experience using scanning tools to verify database hardening compliance and translate audit requirements into actionable configurations and evidence.
  • Strong written communication for SOPs, playbooks, technical decision memos, and executive-readable risk briefings.
  • Ability to obtain and maintain a DHS Public Trust suitability determination.

Nice To Haves

  • Prior experience supporting USCIS, DHS components, or other federal civilian agencies on Vulnerability or Configuration Management programs.
  • Active PMI certification (PMP, PgMP, or PMI-RMP) on top of the technical creds.
  • A genuine love for the moment a 9.8 CVSS issue goes to zero — we celebrate those here.

Responsibilities

  • Lead the integrated RBAM practice across Vulnerability Management, Configuration Management, and Database Management, aligning effort with USCIS business priorities and risk tolerance.
  • Oversee RBAM projects end-to-end: track schedules, facilitate working sessions, and brief leadership and the Government PM/COR on status, risks, and decisions.
  • Run the vulnerability scanning program using approved tooling. Initiate scans, analyze results, prioritize remediation by impact and likelihood, and ensure adherence to DHS policies and federal regulations.
  • Continuously monitor emerging threats (CVE, NVD, CISA KEV) and translate them into a prioritized, defensible remediation backlog.
  • Validate and act on the DHS/CISA Cyber Hygiene Report.
  • Partner with system owners and admins on remediation plans, track progress, and report to leadership.
  • Support the USCIS software approval process — evaluate new products and technologies for security, compliance, and operational fit.
  • Establish, document, and enforce configuration management policies, procedures, and baselines across diverse IT environments — with full traceability for changes (documented, tracked, approved, audited).
  • Use configuration management tooling to monitor and report on system configurations and compliance, identify drift, and resolve configuration-related risks.
  • Develop and maintain database hardening scripts and processes; translate audit requirements into actionable configurations and evidence artifacts.
  • Build and refine Splunk dashboards and reporting (and ServiceNow workflows/tickets) so VM/CM posture is visible at a glance — not buried in a spreadsheet.
  • Author and maintain SOPs and Playbooks for RBAM operations; contribute to the Risk Register, Weekly Status Report, and Monthly Program Management Review.

Benefits

  • Medical, dental, vision insurance (fully paid for employees)
  • 15 days of paid leave
  • 7 days of sick leave
  • 2 days bereavement leave
  • 11 paid Federal holidays
  • Up to 40 hours for jury duty
  • 401K with 4% employer contribution (and no vesting period)
  • Up to 4 weeks of paid paternity and maternity leave
  • Company provided laptop
  • $5,000 per year for professional development
  • $600 per year for technical supplies and equipment
  • $2,000 referral bonus
  • Life and disability insurance
  • HSA and FSA
  • Legal Shield and ID Shield
  • Voluntary Benefits
  • Opportunity to work in a collaborative, motivated team focused on modernizing government services with cutting-edge technology and innovative solutions.