Vulnerability Management Engineer
About The Position
CACI is searching for a Vulnerability Management Engineer to support the FEMA Office of the Chief Information Security Officer (OCISO) in Washington, D.C. As a Vulnerability Management Engineer, you will play a crucial role in ensuring the security and resilience of FEMA's information systems through comprehensive vulnerability identification, assessment, and remediation coordination. You will work in a dynamic environment, collaborating with system owners, cybersecurity professionals, and enterprise administrators to identify and eliminate security vulnerabilities. Your efforts will directly contribute to safeguarding FEMA's mission-critical systems and data. The Vulnerability Management Engineer will be responsible for leading vulnerability identification, prioritization, remediation coordination, and closure validation across the environment and assigned systems. This position requires administering scanning processes across all FEMA systems and analyzing vulnerability findings for risk and accuracy. The Vulnerability Management Engineer will monitor all FEMA systems Remediation Work Plans (RWPs) and POA&Ms daily, coordinate remediation efforts across Enterprise systems, and provide daily technical remediation support services. This role is critical for producing dashboards and surge reporting for critical vulnerabilities and ensuring remediation validation.
Requirements
- U.S. Citizenship required
- BS/BA + 7 years of applicable experience in vulnerability management and cybersecurity
- Minimum 7 years of experience in vulnerability management and cybersecurity
- Demonstrated expertise in Nessus, ACAS, or similar vulnerability scanning tools
- Experience with automated security authorization tools
- Knowledge of vulnerability assessment methodologies and risk analysis
- Experience developing and tracking POA&Ms
- Strong analytical skills for vulnerability prioritization and trend analysis.
Nice To Haves
- FEMA EOD suitability or Current DHS or FEMA EOD preferred
- Previous DHS or DoD experience
- Experience with CSAM, RegScale, eMASS, or similar GRC tools
- Knowledge of DISA STIGs and security compliance frameworks
- Experience with dashboard and reporting tools (Tableau, Power BI, Splunk)
- Strong communication skills for presenting to senior leadership
- Experience supporting audit
Responsibilities
- Administer scanning processes across all FEMA systems and analyze vulnerability findings for risk and accuracy.
- Monitor all FEMA systems Remediation Work Plans (RWPs) and POA&Ms daily.
- Coordinate remediation efforts across Enterprise systems.
- Provide daily technical remediation support services.
- Support all remediation activities in a detailed, technical, and audit manner.
- Ensure remediation validation.
- Produce dashboards and surge reporting for critical vulnerabilities.
- Provide vulnerability reduction reports and trend analysis reports.
- Analyze all vulnerability reports and remediation efforts and reporting to senior leadership monthly.
- Conduct monthly POA&M remediation test events, and develop test reports within 5 days after testing.
- Validate closure of vulnerabilities.
- Provide monthly compliance remediation briefs.
- Utilize automated security authorization tools for managing remediation efforts and managing POA&Ms using automated tools.
- Support internal and external audit events.
- Track and suggest technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access.
- Research and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding, and network and device security and encryption.
Benefits
- healthcare
- wellness
- financial
- retirement
- family support
- continuing education
- time off benefits
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
