Senior Information Security Engineer Vulnerability Management

Overview

Remote
$130,000 - $145,000
Full Time
No Travel Required

Skills

CISSP
CISM
Vulnerability Scanning
Vulnerability Management
Risk Management Framework
NIST SP 800 Series

Job Details

Us:

At Aretec, Inc., we are catalysts for change within the federal government landscape. Specializing in advanced analytics, machine learning, data analysis, cybersecurity, and business optimization, we empower federal agencies to achieve their most critical missions. As a premier partner and prime vendor, we deliver innovative, high-impact solutions that address complex challenges and drive national progress. Our commitment to excellence and innovation positions us at the forefront of transforming governmental operations, enhancing efficiency, and making a lasting difference in the lives of citizens.

You:

You are a highly skilled and motivated Information Security Engineer with a strong analytical mindset. You thrive in dynamic environments, applying your deep technical knowledge and problem-solving skills to improve enterprise security posture. You are passionate about identifying vulnerabilities, implementing solutions, and collaborating across teams to strengthen cybersecurity resilience. You take pride in your ability to communicate complex security concepts clearly to both technical and non-technical stakeholders.

What We re Looking For:

We are seeking a highly skilled and motivated Information Security Engineer to support our government client. This position is currently 100% remote, with on-site support required only under specialized circumstances. The ideal candidate will analyze security scanning tool results to identify vulnerabilities and security weaknesses across the enterprise. This individual must possess a strong technical foundation, analytical expertise, and the ability to develop remediation strategies that enhance the organization s security posture.

What You ll Be Doing:

  • Analyze and interpret outputs from security scanning tools, such as Tenable.io (TIO) and other security toolsets, to identify vulnerabilities and security weaknesses across the enterprise.
  • Provide technical expertise and guidance on software and hardware support tools to enhance security operations.
  • Utilize analytical and computational methodologies to assess identified issues and recommend effective solutions.
  • Develop comprehensive enterprise-level strategies for the remediation of identified vulnerabilities.
  • Conduct enterprise-wide strategic systems planning and business analysis, delivering actionable recommendations to improve security posture.
  • Perform process and data modeling to support planning and analysis efforts, leveraging both manual and automated tools.
  • Utilize Continuous Monitoring Splunk Dashboards and other data sources to correlate data and events across enterprise information systems.
  • Identify and recommend process improvements to enhance the effectiveness of current toolsets in alignment with the client s Continuous Monitoring Program.
  • Collaborate with the Enterprise Information System Security Officer (ISSO) to assess enterprise-wide weaknesses, document remediation strategies, and establish milestones via Plans of Action & Milestones (POA&Ms).
  • Review data feeds to identify risks and impacts and report on critical weaknesses affecting the enterprise security landscape.

Required Skills and Abilities:

  • Bachelor s degree in Information Technology, Cybersecurity, or a related field.
  • A minimum of 10 years of professional experience in information security, security engineering, or related discipline.
  • Proven experience administering and utilizing cloud platforms such as AWS, Azure, and/or Google Cloud.
  • Experience in administering and/or evaluating technology solutions within Windows, CentOS, Red Hat Enterprise Linux Server, and/or Ubuntu environments.
  • Hands-on experience with one or more of the following tools: Tenable.io, Nexus IQ Server, Splunk Enterprise V9.2 or higher.
  • Strong understanding of cybersecurity principles and working knowledge of the NIST SP 800-37 Risk Management Framework.
  • Exceptional written and verbal communication skills, with the ability to convey complex technical concepts effectively to technical and non-technical audiences.
  • Prior experience supporting Department of Homeland Security federal clients is preferred.

Certification Requirements:

  • CISSP, CISM, CEH and/or equivalent are preferred, but not required.

Where It s Done:

100% Remote Camp Springs, MD (On-site support under specialized circumstances).

The Expectations of the Job:

Day One:

  • Orientation and Onboarding: Immerse yourself in Aretec's culture, values, and mission. Begin building relationships with your cybersecurity team and become familiar with existing security tools, scanning systems, and workflows.

Day Thirty:

  • Active Contribution: Begin analyzing vulnerability scan results, documenting findings, and recommending initial remediation actions.
  • Skill Application: Apply your technical expertise to correlate vulnerability data using Splunk dashboards and other analytics platforms.

Day Sixty:

  • Process Improvement: Contribute to refining vulnerability management processes, enhancing automation, and improving scan coverage.
  • Collaboration: Work closely with ISSOs, system owners, and security teams to implement remediation strategies and document POA&Ms.
  • Strategic Planning: Begin contributing to enterprise-level security improvement initiatives.

Day Ninety:

  • Full Ownership: Lead vulnerability management activities, drive remediation efforts across systems, and provide regular reports on enterprise security posture.
  • Innovation and Optimization: Identify gaps and propose enhancements in scanning methodologies and data analysis workflows.
  • Mentorship: Share knowledge and mentor team members to strengthen the organization s analytical and security response capabilities.

Additional Notes:

Benefits

  • At Aretec, we believe that our employees are our greatest asset. We offer a comprehensive benefits package designed to support your health, wellbeing, and professional development:
  • Health, Dental, and Vision Insurance: Comprehensive coverage to keep you and your family healthy.
  • 401(k) Plan with Employer Match: Invest in your future with our competitive retirement savings plan.
  • Certification Stipends: Support for obtaining professional certifications that enhance your skills and career trajectory.
  • Professional Development Opportunities: Access to training, workshops, and conferences to stay at the forefront of industry advancements.
  • Flexible Work Arrangements: Options that promote a healthy work-life balance, including remote work opportunities and flexible scheduling.
  • Paid Time Off and Holidays: Generous PTO policy to relax, recharge, and spend time with loved ones.
    • This requirement is in compliance with federal regulations and is essential for the roles we fulfill within government agencies.

    Equal Opportunity Employer

    Aretec, Inc. is proud to be an Equal Opportunity Employer. We are committed to creating an inclusive environment for all employees and applicants. All qualified individuals will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other legally protected characteristics.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

About Aretec, Inc.