Vulnerability Management Lead

CVP is seeking a Vulnerability ManagementLead to execute and support the implementation of a successful Cybersecurity vulnerability management program.

• Provide solid understanding in vulnerability management and information security, including broadening awareness and use of the team services, education of security best practices and integration with other business areas.
• Provide mentorship and support to teammates regarding vulnerability assessment, communication/rapport with other divisions and various levels of leadership, technical expertise, and career development.
• Evaluate both system and application scans and architecture designs for security vulnerabilities providing remediation recommendations.
• Coordinate, build and maintain relationships with internal and external stakeholders.
• Demonstrate technical knowledge and experience of infrastructure security testing tools to perform automated security testing of operating systems, databases, and network fabric devices (i.e. switches, routers, firewalls, load balancers, WAPs, etc).
• Use provided infrastructure security testing tools to perform this task. Example tools include, but are not limited to: nmap, Nessus, Retina, Core Impact, Splunk.
• Become competent with the installation, use, and maintenance of any new tools (i.e, software licenses or installation media).
• Troubleshoot the operation of security testing tools used to perform infrastructure security assessments when technical issues (i.e. tool related, network related, or target related) occur, which interfere with security testing activities.
• Create customized scanning/testing configurations within testing tools to suit security configuration requirements.
• Ensure current security testing and evaluation software is sufficient to the task of conducting security testing and regularly look for and recommend additional software that may fill gaps in current security testing toolset.
• Perform manual security testing and evaluations of operating systems (including, but not limited to, Windows, Unix, Linux, AIX, Solaris, and MacOS), databases, network fabric devices, and design documents in order to identify security vulnerabilities, weaknesses, or policy violations without the use of automated tools.
• Perform manual security evaluations of custom administrative or user interfaces for specialty equipment. 
• Develop and improve KPIs, metrics, and trending for vulnerability management functions.
• Review and provide feedback on results generated by automated scanning tools. This shall include, but not be limited to, identification of false positives generated by those tools, either by using the data contained within the result set generated by the tools, or by manual investigation of the targets on which the testing tools identified security findings.
• Review and provide feedback on false positive, mitigation, or remediation evidence provided by IT stakeholders to determine the validity and completeness in regard to any findings identified.
• Provide subject matter expertise concerning known vulnerabilities, and become knowledgeable of newly released vulnerabilities, and discuss methods of exploitation, methods of mitigation or remediation, severity of impact, difficulty of exploitation, and other pertinent considerations of vulnerabilities. This discussion may be required either verbally or via written presentation.
• Use prior knowledge and experience of security configurations and concepts to assist in the creation and review of existing or new security policies.
• Document new, and update existing, processes and procedures used for the Vulnerability Management Program.
• Identify the applicable NIST security controls, HHS security policy items, or security policy items that correspond to any finding identified via manual or automated testing.
• Create and conduct presentations of both the security testing processes/methodologies used, as well as general security best practices, with regards to security of operating systems, databases, and network fabric devices, and related technology concepts.
• Assess the full life cycle of IT systems and sub systems to include operational, management, technical, and physical security.
• Act as a liaison to external audit functions. This activity could include, but is not limited to, conducting data calls and executing ISSO-specified or approved testing activities.
• Participate in any additional activities which are in direct support of actions required within this Task. Additional activities may include, but are not limited to, participation in meetings, consultation with other teams, or documentation of task-specific requirements.

• Must be eligible to obtain a Public Trust government security clearance.
• 4-year college degree in Computer Science or related field, and 2 years of experience or 5 years of experience in lieu of a college degree.
• NIH experience desired
• Experience demonstrating strong analytical, troubleshooting and problem-solving skills for cybersecurity.
• Expertise of security standards and frameworks including: NIST CSF, FISMA, FedRAMP.
• Knowledge of security concepts such as cyber attacks and techniques, threat vectors, risk management, threat management, and incident management.
• Solid understanding of cloud-based technologies such as AWS and Azure.
• Knowledgeable of Windows and UNIX/LINIX environments, MS SQL Server and Oracle DBs, and VMware.
• Excellent communication skills, both written and oral.

Desired Skills

• CISSP, Security+, MCSE, A+, and/or other industry certifications.
• Experience with AWS and/or Azure.
• Experience with Nessus, Splunk, Absolute.

About CVP

CVP is an award-winning healthcare and next-gen technology and consulting services firm solving critical problems for healthcare, national security, and public sector clients. We help organizations achieve lasting transformation and build a healthy, safe, and equitable world—a future we call What’s Next. 

What do we do? We do work that matters like advancing mental and behavioral health, streamlining immigration, and improving access and outcomes for underserved populations including Veterans, people experiencing homelessness, and rural American residents.  

How do we do it? Our team of industry experts deliver integrated, innovative solutions in Healthcare Research & Technology, Digital Transformation, Data Science, Cybersecurity, Marketing Communications & Change Management, and Strategy & Transformation. 

Why do we do it? Our core values define the CVP culture, guide our decisions, and enable our client-focused mission. We’re relentlessly focused on making a difference and building What’s Next for our clients and their customers. 

We believe diversity, equity, and inclusion are essential components of our individual and collective success, and our commitment to hiring and supporting Veterans has earned us three HIRE Vets gold medallions. Join us to start or advance your career with a mission-focused firm transforming healthcare, enhancing security, and making government work better. 

Customer Value Partners, LLC is a VEVRAA Federal Contractor and an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability. Customer Value Partners seeks to provide employment opportunities for protected veterans and individuals with disabilities.