VariQ has an exciting opportunity for a highly qualified Vulnerability Management Lead
to support the Office of the Comptroller of the Currency within the Department of the Treasury
in Washington, DC
- Location: 400 7th St., SW., D.C. (Remote until further notice due to COVID-19)
- Metro Accessible: Yes, after COVID-19 at L'Enfant Plaza
- Salary: Dependent upon experience
- Security Clearance: Public Trust
- Available: ASAP
- Work closely with Government on engineering, vulnerability, and risk management tasks
- Weekly status reports, and other ad-hoc deliverables as required
- Perform regular vulnerability, configuration, and web application scans
- Assist with triage of vulnerabilities when possible, and serve as a subject matter expert on the risk of vulnerabilities across the enterprise
- Provide recommendations to promote the development of Vulnerability/Risk Management policy across the agency
- Develop secure configuration baselines based on best practices for new technologies in the environment
- Promote knowledge sharing/training across functional areas
- Evaluate, develop and refine processes and procedures as required or requested by Government management
- Core Work Hours: 8:00 am - 5:00 pm
Top 3 Skills:
- 2+ years of experience as a Hands-On Vulnerability Management Analyst
- Significant experience using numerous security tools and technologies to include some of the following and/or closely comparable security technologies: Qualys, Nessus, AppScan, Splunk, BigFix, Cofense PhishMe, Cofense Triage, Burp Suite, RSA Archer, FireEye iSight, RedSeal
- Experience evaluating DISA STIGs, CIS Benchmarks, and other industry best practices across technologies including Windows Server (Member and Domain), Microsoft IIS, Microsoft SQL, Apache Tomcat, .NET Framework, Red Hat Enterprise Linux (RHEL), Mac OS, VMware ESXi and vSphere, Citrix NetScaler, Cisco IOS/NX/ASA Routers, Switches, Firewalls
- Ability to identify and exploit OWASP top 10 risks, such as XSS, broken authentication, SQL injection
- Vulnerability Management
- Data Analysis
- Strong verbal and written communication skills
- CompTIA Security+ or better
- Qualys Certified Specialist (Preferred)
Bachelors of Science in Computer Science, Systems Engineering, Cybersecurity, Information Technology or related area. Extensive work experience can be substituted in lieu of a degree.OTHER DUTIES
PHYSICAL DEMANDS AND WORK ENVIRONMENT
- This job description is not designed to cover a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities are subject to change at any time. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments.
- The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodation may be made to enable individuals with disabilities to perform these functions.
- While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers, handle or feel objects, tools, or controls. The employee is occasionally required to stand, walk, sit, and reach with hands and arms. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is usually low to moderate.
What Is In It For You
- All duties and responsibilities are essential functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job successfully, the employee will possess the skills, aptitudes, and abilities to perform each duty proficiently. The requirements listed in this document are the minimum levels of knowledge, skills, or abilities. This document does not create an employment contract, implied or otherwise, other than an "at will" relationship.
Who We Are
- We focus on building teams of the best and brightest who are looking for careers with a growing and dynamic mid-tier company.
- Our leaders get to know you as an individual. They help you grow in a variety of directions and view you as an asset who grows with the company beyond our current contracts.
- VariQ is growing which translates into many different opportunities for you and more defined career path trajectory.
- We understand your need for work/life balance and work within contract parameters to provide as much flexibility as possible.
- We provide a comprehensive and highly competitive total compensation and benefits package that brings you real value and security to enjoy life today and plan for tomorrow.
Founded in 2003, VariQ is a premier provider of Cybersecurity, Software Development and Cloud services to federal, state, and local government. Headquartered in Rockville, Maryland, VariQ is a multiple award-winning company that emphasizes innovation, quality, and professional excellence in the development of advanced technology systems.**We require all newly hired employees in the United States to be fully vaccinated for Covid-19 (or have an approved accommodation) by January 4, 2022.**VariQ is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, national origin, ancestry, ethnicity, sexual orientation, marital status, gender, gender identity, gender expression, disability, genetic information, protected veteran status, or membership in any other group protected by federal, state or local law. We consider diversity and inclusiveness to be core to our culture, and central to our commitment to fostering an empowering and supportive workplace. EEO is the Law