Cyber Risk and Vulnerability Lead

AmVet Technologies, LLC
Germantown, MD Full Time
POSTED ON 3/1/2025
AVAILABLE BEFORE 4/25/2025

Job Description:

AmVet Technologies, a Small Disabled Veteran-Owned (SDVOSB) company, provides tailored, innovative Cybersecurity, IT, Artificial Intelligence (AI), and Strategic Management Services to the Federal Government. We seek a well-rounded, flexible, energetic Cyber Risk and Vulnerability Lead to support our Department of Energy (DOE) client.

The Cyber Risk and Vulnerability Lead must have extensive knowledge and experience in compliance and technical aspects of Cybersecurity, coupled with excellent customer-facing skills. The ideal candidate will demonstrate the ability to help the customer and team advance to the next level of operational excellence.

Contract Duration: There are 3 years remaining, with remote work status maintained until further notice. For business purposes, occasional travel to Germantown, Maryland, will be required. This position is contingent on award.

Job Responsibilities:

· Serve as a trusted advisor to the client on all matters of cybersecurity

· Provide guidance and recommendations to the client on all technical aspects of cybersecurity

· Conduct meetings with stakeholders and senior leadership to ensure understanding and cooperation in identifying and remediating vulnerabilities and provide status updates

· Oversee/perform Security Control Assessments in accordance with NIST SP 800-53

· Review Security Control Assessment findings for completeness and accuracy

· Develop enterprise cybersecurity plans, SOPs, and other documentation

· Instruct staff on processes and procedures

· Identify opportunities and implement improvements to the client’s security posture and the team’s performance

· Monitor and assess system vulnerabilities to ensure compliance with the agency policies and procedures

· Review ad hoc, weekly, monthly, and quarterly enterprise vulnerability and End-of-Life (EOL) scans and create repositories, PowerQueries, and dashboards to ensure vulnerability and EOL information is actionable and available

· Monitor Cybersecurity and Infrastructure Security Agency (CISA) bulletins and alerts, open-source intelligence, and federal guidance to ensure emerging vulnerabilities relevant to the environment are proactively identified, assessed, and remediated or mitigated

· Review and validate penetration test findings to ensure remediation before closure of findings

· Perform Burp vulnerability scans to identify common web application vulnerabilities, generate vulnerability reports, and verify remediation

· Creatively use client-provided tools to obtain new insights into the enterprise/system posture

· Develop processes for identifying and responding to potential threats identified with the dashboards/reports and facilitate risk reduction actions

· Develop, enhance, and improve vulnerability and EOL management and tracking

· Support Federal Information System Security Officers (SSO) by reviewing system security documentation; monitoring and responding to Splunk alerts and vulnerability and EOL reports; and updating/developing system security documentation

Required Qualifications:

· BA in Information Assurance, Cybersecurity, Information Systems, or other related technical discipline

· Public Trust Suitability, existing security clearance preferred

· Ability to commute to Germantown, MD, daily if remote work is no longer permitted

· 8 years of experience in IT, including at least 5 years in Cybersecurity

· CISSP, ISSM, or other Cybersecurity certs desired

· Skillset split: 40% technical, 40% compliance, 20% customer-facing

· Strong technical background (e.g. Security Operations Center (SOC) Analyst, PenTester, Network Engineer, System Admin, Developer, or Programmer, etc.).

· Strong compliance background (e.g. ISSO/ISSO Support or a Security Control Assessor)

· Strong understanding of vulnerability management program design and development

· Extensive experience ingesting data and developing reports and dashboards using PowerQuery, Excel, and Power BI

· Extensive knowledge and experience with Tenable/Nessus

· Working knowledge of Burp, Dynatrace, or DB Protect, and other security tools

· Strong understanding of Zero Trust architecture and related requirements

· Solid understanding of the Federal Information System Management Act (FISMA), Office of Management and Budget (OMB), and CISA guidance, metrics, and requirements

· Hands-on experience analyzing and responding to security events, such as conducting log analysis, developing queries and analytics, troubleshooting security issues, and correlating diverse data sets

· Ability to provide recommendations and guidance to the customer, which enables them to improve their security posture

· Strong knowledge of Risk Management Framework and NIST SP 800-53

· Strong knowledge of Governance, Risk, and Compliance (GRC) solutions

· Strong written and verbal communication and presentation skills

· Ability to adapt to rapidly changing priorities and directions

· Team player

Location:

· Primary – Remote, until further notice. Germantown, MD, upon notice of return to the office.

· Occasional – Onsite in Germantown, MD

Job Type: Full-time

Pay: $175,000.00 - $190,000.00 per year

Benefits:

  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Employee discount
  • Health insurance
  • Health savings account
  • Life insurance
  • Paid time off
  • Professional development assistance
  • Referral program
  • Relocation assistance
  • Tuition reimbursement

Schedule:

  • Monday to Friday

Education:

  • Bachelor's (Required)

Experience:

  • Cybersecurity: 5 years (Required)
  • IT: 8 years (Required)

Ability to Relocate:

  • Germantown, MD 20874: Relocate before starting work (Required)

Work Location: Hybrid remote in Germantown, MD 20874

Salary: $175,000 - $190,000
