Overview

Credence Management Solutions, LLC (Credence) is seeking a Vulnerability Manager to provide professional support to the DoJ Federal Bureau of Prisons (FBOP) system owners and other operations and maintenance (O&M) staff to ensure compliance with DOJ security requirements and standards. This role is responsible for providing risk evaluation, threat modeling, and deep technical expertise on projects and technology products. This role will work closely with the Network Management Branch to identify, evaluate, and prioritize vulnerabilities found on BOPNet.

Responsibilities

• Serve as the subject matter expert for the threat and vulnerability platform and metrics reporting.
• Early informer of critical vulnerabilities and exposures relevant to safeguarding the company’s information assets
• Provide in-depth analysis of vulnerabilities and impacts to key stakeholders and provide an implementation and remediation plan.
• Provide risk analysis and assessment, using tools and techniques to implement security policies, procedures, and architectures.
• Review and filter monthly vulnerability scans of customer networks, ad-hoc vulnerability scans of printers, scanners, servers and device images to provide an enterprise monthly scan report.
• Work closely with the Operations Team to provide recommendations to ensure the resolution of identified vulnerabilities.
• Security Vulnerability Management support performs threat, vulnerability and risk assessments, and conduct scans and provide assistance, where needed, using leading-industry analysis tools to include Tenable suite: Nessus, Log Correlation Engine and Passive Vulnerability Scanner, Trustwave App Scan, Trustwave DbProtect, IBM BigFix Tivoli and Splunk.
• Track resolution of vulnerability issues and provide monthly, quarterly, and annual performance and trending metrics, and status reports, for OCIO Cybersecurity objectives.
• Disseminate vulnerability scan results to appropriate personnel in a timely matter for resolution.
• Review and analyze weekly audit logs and report anomalies for various versions of Microsoft Windows and Linux/UNIX operating systems.
• Perform and document risk assessments and analyze security vulnerabilities and metrics to measure the risks associated with those vulnerabilities.
• Monitor and track the remediation of DOJ Justice Security Operations (JSOC) Security Advisories and VPR Alerts to meet JSOC requirements for VPR standards.
• Draft recommendations to IA Team for timely testing and remediation of vulnerabilities.
• Assist with the creation of Plan of Action and Milestones (POA&Ms), supporting IA staff to manage, update and/or close vulnerability-related POA&Ms in a timely manner.
• Support tasks related to Identity and Access Management

Qualifications

• Top Secret security clearance is required.
• Bachelor's degree or significant equivalent experience is required.
• Strong decision-making and prioritization skills
• Ability to present risks and propose countermeasures to senior executives
• Experience in securing operating systems and network infrastructure (DISA STIGs)
• Experience in securing fundamental networking protocols: DNS, HTTP, TCP, UDP, TLS, IPSEC, 802.1x, NFS
• Understanding of common exploitation techniques and mitigations
• Strong documentation skills
• Experience implementing, managing, and supporting a vulnerability management platform
• Vulnerability assessment process and tools experience
• Strong interpersonal, customer service, and consultation skills
• Must be able to function resourcefully and independently and work with a diverse team of IA/cybersecurity practitioners
• Experience working within DOJ Offices, Boards, and Divisions (OBDs), with an understanding of unique organizational security policies and security controls implementations within specific IT environments is desired.