Become an integral part of a diverse team that leads the world in the Mission, Cyber, and Intelligence Solutions group. At ManTech International Corporation, you will help protect our national security while working on innovative projects that offer opportunities for advancement. ManTech is seeking a Vulnerability Assessment Engineer to support a project at the Federal Bureau of Investigation (FBI-IACSS Task Order 19) in Washington, DC.
The candidate selected for this position will have experience performing vulnerability assessments of corporate and/or government networks and infrastructures. The Vulnerability Assessment Team, or VAT, is looking for the following qualities: high level of technical proficiency; energetic; results driven; works well under pressure; excellent oral and written communication skills; and manages time effectively. Active Top Secret security clearance required. Candidate should be able to obtain an upgrade for access to Sensitive Compartmented Information and pass a counter-intelligence polygraph. Position is located in Washington, D.C.
Candidate will manage and lead quarterly automated scans and analysis of enterprise-class information systems, to include discovery scans, compliance scans, and vulnerability scans.
Candidate will manage and lead Unit directed vulnerability and/or Compliance assessments.
Candidate will provide support for Unit accreditation efforts of systems and applications through the FBI’s SAA process.
Candidate will provide support to the Risk Vision GRC Team in establishing an automated FISMA compliance capability, by using RISK Vision Connectors to capture vulnerability scan results for automated reporting.
Candidate will manage VAT scan schedule to ensure all scan coordination, scanning, analysis of scan data, and vulnerability reports for information systems are performed and completed on time.
Candidate will also document test results in accordance with FBI regulations and VAT SOPs.
Candidate must be able to demonstrate ability to lead and perform Vulnerability and Compliance assessments on all devices identified during enterprise network scans, including: Operating systems, Oracle and MySQL Databases, and Web applications. The candidate should be comfortable configuring, using, and managing enterprise-class network scanning tools such as: (Tenable Nessus, Tenable Security Center), database scanning tools (AppDetective and DbProtect) and Web scanning tools (Web Inspect), and should possess a broad knowledge about the security best practices and most common vulnerabilities that exist for each of these technologies, including SANS and OWASP Top 10.
In addition to the job duties listed above, the candidate shall:
Be experienced managing enterprise-level assessment scanning of Networks, databases, and Web Applications.
Be comfortable leading host, ports and services discoveries on large enterprise networks, and identifying target operating systems and applications/services based on discovery scan results.
Have experience with open source and commercial testing tools. A non-comprehensive list includes Nessus, NMAP, App Detective, Hailstorm, Guardium, and Web Inspect.
Be comfortable installing, configuring, troubleshooting, and administering Tenable Security Center, Tenable Nessus (standalone), AppDetective, and Web Inspect.
Have a solid understanding of the security policies used by intelligence organizations, as well as security guidelines published by the National Institute of Standards (e.g., 800-53 rev 4 and 800-53a).
Have the ability to think critically and creatively. Capable of synthesizing and analyzing large amounts of scan data.
Ability to articulate thoughts and findings in a concise and comprehensive manner.
US Citizenship and active TS clearance and eligible for an SCI Access, including ability to pass a counter-intelligence polygraph.
Requires Master’s degree or 15 years of IT experience and ten years of IT Security experience.