
ISSE (Vulnerability Management) with Security Clearance


TRIAEM LLC

2024-09-21 12:36:09

Job location Rockville, Maryland, United States

Job type: fulltime

Job industry: I.T. & Communications

Job description

Providing exceptional solutions for our customers requires proven experience and positive results. At TRIAEM, we care and invest in our people to ensure they are prepared to deliver superior services across a wide array of mission challenges. We specialize in systems engineering & architecture, scientific & technological analysis, data management, and cyber security solutions. With over ten years of experience supporting the US Government and International Partners, we know what it takes to ask the right questions, capture the right information, and deliver timely, accurate solutions.

Caring and investing in our people means an environment where you can learn and grow while continuously being challenged. We offer industry-leading benefits and paid time off that allow you to focus on supporting our customers while maintaining the important work/life balance. If you are looking for a company that values you as an individual and welcomes your ideas, contributions, and experience, TRIAEM is the place for you!

As a senior member of the Vulnerability Management and Assessment Team (VMAT), you will be part of a fast-paced team functioning as a SME in Security Assessments and Engineering, supporting CISA in safeguarding systems and networks across multiple environments.

You bring the following to the team.

- Expertise in security engineering, system and network security, authentication and security protocols, cryptography, and application security
- Experience using and deploying vulnerability scanning and testing tools such as Burp Suite, Rapid7 InsightVM, Tenable Nessus, WebInspect, Netsparker, DbProtect, AppDetective, Prisma Cloud, Core Impact, Microsoft Defender, AWS Security Hub, AWS Inspector, Code Dx and similar platforms
- Experience analyzing and testing vulnerabilities, establishing cause and impact, and identifying corrective actions to eliminate and prevent the event from happening in the future
- Experience in vulnerability and assessment validations in various environments such as development, staging, and production
- Experience using various cloud environments such as Amazon Web Services, Azure, and/or Google Cloud
- Experience with system administration in Windows and/or Linux
- Purple Team capabilities and expertise (Blue - defensive and Red - offensive)
- Experience setting up and conducting extensive vulnerability and compliance assessment scans against a variety of unique target environments (e.g., development, staging, production, on-premise, cloud, and virtual)
- Manage and maintain scans across host operating system, web, database, cloud, and application-specific platforms
- Ability to identify DISA STIGs or best practices applicable for assessment and weekly scans
- Ability to provide guidance and support regarding the remediation of vulnerability and compliance findings

Required Education, Experience, & Skills

- Bachelor's Degree with 7 years related experience including cloud security OR 10 total years of experience in Information Assurance and IT Security including cloud security.
- Obtain and maintain an IAT Level III baseline certification within 90 days of hire.

Your roles, skills, and activities will include the following.

- Build out scan policies, active scan jobs, asset lists, credentials, and onboard assets for scanning
- Conduct assessments and audits to identify weaknesses and security gaps
- Conduct in-depth security validation assessment assignments in response to new deployments and significant changes to environments
- Conduct quick security validation assessment assignments in response to availability of new audit file or non-significant change to a pre-existing system
- Identify, evaluate, validate, manage, test, and report on vulnerabilities
- Provide solutions to gaps in security posture
- Serve as a security SME across different domains
- Build and deliver detailed reporting deliverables from scans and assessments to stakeholders
- Respond to ad hoc requests and high-priority government tasks
- Conduct discovery scanning and have awareness of IP CIDR ranges, ports, protocols, source, and destination distinctions
- Deploy and maintain the latest approved DISA and commercially recognized audit files across FISMA systems
- Perform manual assessment of DISA STIGs on systems undergoing assessment and audit
- Support triaging efforts to determine root cause of detected issues or findings across various systems
- Troubleshoot and provide corrective guidance for scan issues such as host configurations, credentials, network blocks, and scanner accessibility
- Maintain target asset lists across all security tools ensuring alignment with system inventory
- Validate false positive and true positive submissions by analysis and vetting of artifacts and justifications
- Maintain and recommend improvements to security tools testing suite
- Provide support during ATO, penetration tests, and other auditing efforts
- Conduct risk analyses on CVEs, plugins, CWEs, KEVs, etc.
- Perform weekly scanning of systems in continuous monitoring and provide accurate scan results
- Build and maintain various tool-specific dashboards to support system vulnerability and compliance remediation efforts
- Participate in Agile planning events as a representative of the VMAT team
- Conduct research, evaluation, and testing and provide technical input and recommendation regarding new security software and testing tools or devices for procurement
- Provide expertise in implementation of technical security controls in government cloud environments (cloud security experience required)

Preferred Education, Experience, & Skills

Desired Certifications: CISSP, CCSP, CEH, AWS-SEC, MCASEA

Required Clearance: Secret

Work Locations: Sterling, VA or Rockville, MD or Pensacola, FL

TRIAEM LLC is an Equal Opportunity/Affirmative Action employer. All qualified candidates will receive consideration for employment without regard to disability, protected veteran status, race, color, sexual orientation/gender identity, religious creed, national origin, citizenship, marital status, sex, age, or genetic information. Applicants may be subject to a background investigation based on job requirements.

TRIAEM Prohibits Discrimination and Harassment of Any Kind; we are committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at TRIAEM are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. TRIAEM will not tolerate discrimination or harassment based on any of these characteristics.
