Vulnerability Management Lead

Position Description

Northrop Grumman is seeking a motivated professional to join our Team as a Vulnerability Management Lead. This position is located in Quantico, VA. The Vulnerability Management Lead will support the Senior Cyber Security Manager within DSS Cyber Network Defense (CND) unit. Supports the Vulnerability Management Program to identify, categorize, remediate, and mitigate vulnerabilities on DSS Information Systems. Performs the vulnerability management in accordance with DOD mandates. Identifies, reports, and mitigates the Information Systems within the DSS enclaves that are in non-compliance with DOD standards. The successful candidate will possess and apply a comprehensive knowledge across key tasks and high impact assignments. Plan and lead major technology assignments. Evaluate performance results and recommends major changes affecting program success.

Roles and Responsibilities

  • Update and maintain the SOPs for the Vulnerability Management Program.
  • Manage the ACAS implementation
  • Conduct vulnerability auditing on 100% of DSS Information Systems with the DISA Assured Compliance Assessment Solution (ACAS), current vulnerability auditing solution, or a combination of solutions. Weekly audits will be delivered to the system owners and on demand audits will be performed on devices not accessible during automated vulnerability audits on all DSS enclaves.
  • Maintain compliance to the standards set by the DISA Filed Security Operations Command Cyber Readiness Inspectors (CCRI) and Certification and Accreditation and all applicable DOD inspection programs.
  • Develop and maintain a dashboard on DSS CND SharePoint with current vulnerabilities, IAVMs on DSS computing devices. Include associated ACAS plugins, suspense dates, POAM status, system owners, percentage of compliance, and status.
  • Develop and maintain a dashboard with the current Security Requirements Guides (SRG) and Security Technical Implementation Guides (STIG) and implementation status on DSS environment. Include associated vulnerabilities, suspense dates, POAM status, system owners, percentage of compliance, and status.
  • Conduct monthly audits to include but not limited to STIG-SRG, SCAP, and all system vulnerabilities in compliance with mandated DOD directives.
  • Conduct and report daily audits in support of identity assurance in order to validate user accounts, computer accounts, privileged accounts, system accounts, and report any anomalies to Incident Responders.
  • Coordinate the assessment of vulnerabilities with system owners
  • Provide detail vulnerability reports.
  • Assist other team members with developing mitigation plans.
  • Support system administrators with resolution of vulnerability findings.

DSSEITS

Basic Qualifications:

  • 9 years' of Cyber Security experience (7 Years' with a Master's degree) with a Bachelor's degree in a technical specialty: cyber security, computer science, or similar field. We may consider four (4) additional years of relevant experience in lieu of a degree.
  • At least 4 years of experience successfully managing a Vulnerability Management in a DoD environment
  • At least 5 years of relevant experience working with a combination of ACAS, SRG, CCRI, STIGs, IAVMs.
  • Experience with Cyber security policies, operations, and reporting requirements.
  • Experience performing vulnerability audits and assessments.
  • IAT-I, II or III IA Baseline Certification (SEC , CISSP, etc.)
  • CND IA Auditor Baseline Certification: (CEH, CISA, GSNA)
  • Computing Environment or OS Certificate
  • Security CE certification
  • Must possess an active/current TS/SCI clearance.

Preferred Qualifications:

  • CEH certification
  • CCNA certification
  • ITIL v3 certification
  • Excellent verbal and written communications.
  • Familiar with any of the following: Akamai, Splunk, Cisco, McAfee, SCAP, ACAST, F5

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.


Meet Some of Northrop Grumman's Employees

Jacqueline T.

Electrical Engineer

Jacqueline operates on power electronics for Northrop Grumman’s space application projects. She meets with engineering groups, chats with customers, and works on circuit analysis.

Jonathan M.

Electronics Engineer

Jonathan works with avionics industry subject matter experts to come up with new feature developments before implementing those ideas in the Northrop Grumman laboratory.


Back to top