D-SIL Vulnerability Management Engineer

Resource Management Concepts, Inc. (RMC) provides high-quality, professional services to government and commercial sectors. Our mission is to deliver exceptional management and technology solutions supporting the protection and preservation of the people and environment of the United States of America.

RMC is hiring for an innovative and results-driven Vulnerability Management Engineer within the D-SIL (Cybersecurity Solutions Integration Lab). As a key member of the engineering team, you will take ownership of the Assured Compliance Assessment Solution (ACAS) platform, transforming it into a mature, automated, and data-centric service. This is a hands-on engineering role focused on building and maintaining the infrastructure, data pipelines, and reporting that underpin our security posture. You will be responsible for the full lifecycle of vulnerability management, from the deep-level system administration of the ACAS suite on Linux systems to engineering robust data integrations with our SIEM. The ideal candidate is a proactive problem-solver with a passion for automation, data engineering, and providing clear, risk-based intelligence to drive remediation efforts across the enterprise.

Position Duties

• Service Ownership & Platform Health: Own the ACAS service, ensuring the platform's health, availability, and performance. Troubleshoot application-level issues, and coordinate with operations teams for deeper infrastructure support when necessary.
• Data Pipeline & Automation Engineering: Design, build, and maintain scripts and automation for data ingestion, enrichment, and correlation. Engineer resilient data pipelines to extract vulnerability data from ACAS, container scanning solutions, and other sources.
• SIEM Integration: Architect and manage the seamless flow of vulnerability data into the enterprise SIEM. Ensure data is properly parsed, indexed, and structured to enable analysis for the security operations team.
• Reporting & Visualization: Gather and consolidate vulnerability findings for the enterprise network and its customers. Develop and automate the delivery of metrics, advisories, and trend analysis. Build and maintain actionable dashboards that provide stakeholders with a clear, risk-prioritized view of their security posture.
• Stakeholder Collaboration: Act as the subject matter expert for vulnerability data. Provide risk-based assessments and clear intelligence to system owners and the CSSP to inform and prioritize remediation activities.
• Process & Documentation: Produce and maintain clear, audit-ready documentation for the vulnerability management service, data flows, and all custom-built integrations.

Required Qualifications

Education: Bachelor's degree

Must possess an active Secret clearance with eligibility for upgrade to Top Secret (TS)

Must possess DoD 8570 IAT Level II and DoD 8140 CSSP Auditor compliant certifications.

Position may require up to 25% travel as needed

OCONUS travel may be required

Required Skills

• Strong Scripting & Automation: Proven experience building and maintaining automation and data integration pipelines, primarily using Python and APIs.
• Vulnerability Management Tools: Hands-on experience administering an enterprise-scale vulnerability management solution, with a strong preference for Tenable/ACAS.
• Linux Proficiency: Proficiency in a Linux command-line environment with the ability to perform intermediate troubleshooting of applications, services, and connectivity issues.
• Data Integration: Demonstrated experience integrating security tool data into a SIEM (e.g., Splunk, Elastic Stack) or other data analytics platform.
• Risk Analysis: Strong understanding of risk-based vulnerability prioritization using frameworks like CVSS.
• Communication: Strong written and verbal communication skills with the ability to translate complex technical data into clear, actionable insights.

Highly Desired Skills

• Experience with data visualization and dashboard development in platforms like Elastic/Kibana, Power BI, or similar.
• Familiarity with container technologies (Docker, Kubernetes) and container security principles.
• General knowledge of virtualization concepts (VMware ESXi).
• Familiarity with security standards and frameworks such as NIST.
• Experience with ticket management systems like Jira.

At RMC, we're committed to your career growth! RMC differentiates itself from other firms through its investment in our employees. We invest our resources to train, certify, educate, and build our employees.

RMC can offer you a great place to work with a small company feel and give you the experience, tuition assistance, and certifications that will take your career to the next level. This also includes a competitive paid vacation package with 11 paid federal holidays. Additionally, we also offer high-quality, low-deductible healthcare plans, pet insurance, and a competitive 401K package.

Salary at RMC is determined by various factors, including but not limited to location, a candidate's specific combination of education, knowledge, skills, competencies, and experience, as well as contract-specific requirements. The current salary range for this position will be $112,500 to $132,000 (annually).

Salary : $112,500 - $132,000