Become an integral part of a diverse team that leads the world in the Mission, Cyber, and Intelligence Solutions group. At ManTech International Corporation, you will help protect our national security while working on innovative projects that offer opportunities for advancement. ManTech is seeking a Vulnerability Assessment SME to support a project at the Federal Bureau of Investigation (FBI-IACSS Task Order 19) in Washington, DC.
The candidate selected for this position will have experience performing vulnerability assessments of corporate and/or government networks and infrastructures. The Vulnerability Assessment Team, or VAT, is looking for the following qualities: high level of technical proficiency; energetic; results driven; works well under pressure; excellent oral and written communication skills; and manages time effectively. Active Top Secret security clearance required. Candidate should be able to obtain an upgrade for access to Sensitive Compartmented Information and pass a counter-intelligence polygraph. Position is located in Washington, D.C.
Candidates will conduct quarterly automated scans and analysis of enterprise-class information systems, to include discovery scans, compliance scans, and vulnerability scans.
Candidates will conduct Unit directed vulnerability and/or Compliance assessments.
Candidates will support Unit accreditation efforts of systems and applications through the FBI’s SAA process.
Candidates will also support the Risk Vision GRC Team in establishing an automated FISMA compliance capability, by using RISK Vision Connectors to capture vulnerability scan results for automated reporting.
Candidates will coordinate and perform all scanning, analyze scan data, and prepare vulnerability reports for information systems.
Candidates will also document test results in accordance with FBI regulations and VAT SOPs. Candidates must be able to perform Vulnerability and Compliance assessments on all devices identified during enterprise network scans, including: Operating systems, Oracle and MySQL Databases, and Web applications.
The candidate should be comfortable using enterprise-class network scanning tools such as: (Tenable Nessus, Tenable Security Center), database scanning tools (AppDetective and DbProtect) and Web scanning tools (Web Inspect), and should be knowledgeable about the most common vulnerabilities that exist for each of these technologies, including SANS and OWASP Top 10.
In addition to the job duties listed above, the candidate shall:
Be experienced in performing enterprise-level assessment scanning of Networks, databases, and Web Applications.
Be comfortable configuring and performing host, ports and services discoveries on large enterprise networks, and identify target operating systems and applications/services based on discovery scan results.
Have experience with open source and commercial testing tools. A non-comprehensive list includes Nessus, NMAP, App Detective, Hailstorm, Guardium, and Web Inspect.
Be comfortable using, configuring, troubleshooting, and administering Tenable Security Center, Tenable Nessus (stand alone), AppDetective, and Web Inspect.
Have a solid understanding of the security policies used by intelligence organizations, as well as security guidelines published by the National Institute of Standards (e.g., 800-53 rev 4 and 800-53a).
Have the ability to think critically and creatively. Capable of synthesizing and analyzing large amounts of scan data.
Ability to articulate thoughts and findings in a concise and comprehensive manner.
10+ years of IT Security experience w/Masters or 15+ years w/Bachelors .
US Citizenship and active TS clearance and be eligible for SCI.