Cyber Vulnerability Engineer

Overview

On Site
$120,000 - $140,000
Full Time

Skills

NASA
Cyber
Vulnerabilities
NIST

Job Details

Seeking a Cyber Vulnerability Engineer local to the Cleveland, OH area to go onsite at Glenn Research Center (GRC).
Secret Clearance OR NASA level of confidence of 50 or above is highly preferred.

Candidate works directly with the Center Chief Information Security Officer (CISO) at Glenn Research Center (GRC) to oversee and support cybersecurity vulnerability management and compliance activities. Provides reporting and analysis of vulnerability trending and identifies anomalies that may impact the security posture of the Center. Performs as the primary interface between GRC ISOs and ISSOs regarding questions related to vulnerability mitigation. Assists Center system administrators in identifying corrective actions which mitigate findings from vulnerability assessments. Provides tracking of mitigation activities by Information System Owners (ISOs) and Information System Security Officials (ISSOs) and provides quarterly analysis of resolution statistics. Provides support to the GRC CISO and Cybersecurity Risk Manager (CSRM) for various compliance-driven programs and projects including Enterprise Cyber Logging (ECL), mandated technical implementations derived from Federal Directives, and the official system-of-record for risk management for compliance and reporting. Supports technical implementation of remediation actions for known vulnerabilities. Manages content on an internal SharePoint site, creating and maintaining a Knowledgebase commonly used by GRC system owners for system risk and vulnerability compliance.

Basic Qualifications:

  • Bachelor's Degree in a technical cybersecurity field plus 6 years of experience, or 8-10 years' experience
  • Experience managing and remediating cyber vulnerabilities on IT systems.
  • Experience producing reports or work products for cybersecurity related information and presenting them to C-Suite clients.
  • Knowledge of NIST Cybersecurity Framework (CSF)
  • Knowledge of Binding Operational Directives (BOD) or Emergency Directives released by the Cybersecurity and Infrastructure Security Agency (CISA)
  • Ability to serve as liaison between executive level client and customers managing GRC IT systems.
  • Security+ Certification or similar cybersecurity certification


Additional Qualifications:

  • CISSP Certification
  • Secret Clearance OR existing NASA level of confidence of 50 or above