Arlington, VA, USA
33 days ago
Vulnerability Management Specialist - Public Sector

Job Family:

Cyber Consulting


Travel Required:

Up to 25%


Clearance Required:

None

Support maturing and improving vulnerability management processes. Provide technical expertise and assist with the establishment and implementation of formal vulnerability management programs, including standard operating procedures and processes that govern all phases of the vulnerability management lifecycle.

What You Will Do:

Duties and responsibilities include performing hands-on vulnerability scanning and management, patching systems, designing mitigation strategies, and authoring vulnerability-related products (including program doctrine, analysis reports, and other documents required as part of a formal VM program). Specific responsibilities shall include, but are not limited to, the following:

Author / amend the Board’s VM Program document to serve as the primary tool for designing the ideal VM program for the Information Security Branch.

Support the implementation of a formal VM program with a variety of product types (e.g., program documents, policy documents, mitigation strategies, analysis reports, and standard operating procedures).

Support the expansion of the VM program to include endpoints, mobile devices, cloud infrastructure, and more.

Research new vulnerability capabilities and recommend solutions that can be employed within the Board’s infrastructure.

Support the deployment of new capabilities.

Adapt the Board’s VM program as needed to support the implementation of a zero-trust architecture.

Build dashboards, metrics, and reports that convey the health and stability of the VM program.

Generate reports to measure the Board’s progress in meeting vulnerability remediation targets. 

What You Will Need:

Experience with one or more security technologies, including vulnerability scanners and SIEM solutions, specifically Tenable, Nessus, Invicti, Splunk, and other vulnerability management solutions (e.g., enterprise patch management).

Experience managing vulnerabilities in both on-premises systems and cloud environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud, and data centers).

Familiarity with relevant industry standards and regulations. This should include specific requirements of federal government institutions and general best practices for a quality vulnerability management program.

Experience identifying and developing mitigation strategies. This includes designing mitigations that specifically address vulnerabilities, working with system owners to patch systems, and identifying adequate solutions to remediate vulnerabilities where patching is not possible.

Experience analyzing data and identifying vulnerabilities. This extends beyond running a scan and identifying vulnerabilities found by the system. This includes analyzing systems, network configurations, web applications, and architectural diagrams, as well as identifying top vulnerabilities such as those listed in the OWASP “Top Ten” and understanding how those vulnerabilities work at the programmatic level.

Experience with workflows, forms, and other enabling technologies that may be needed to operationalize the vulnerability management program.

Experience supporting the implementation of a Zero Trust Architecture.

Experience building dashboards, metrics, and reports that convey the health and stability of a vulnerability management program.

What Would Be Nice To Have:

Software needs might include ServiceNow, SharePoint, Adobe Forms, automated email messaging, PowerApps, Tableau for visualization, and Splunk.

Please note that this job posting is for a proposal of a potential client and is not reflective of an awarded job. In addition, we are only collecting resumes and interviewing based off the skillset and qualifications listed below.


What We Offer:

Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:

Medical, Rx, Dental & Vision Insurance

Personal and Family Sick Time & Company Paid Holidays

Parental Leave

401(k) Retirement Plan

Group Term Life and Travel Assistance

Voluntary Life and AD&D Insurance

Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts

Transit and Parking Commuter Benefits

Short-Term & Long-Term Disability

Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities

Employee Referral Program

Corporate Sponsored Events & Community Outreach

Care.com annual membership

Employee Assistance Program

Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)

Position may be eligible for a discretionary variable incentive bonus

About Guidehouse
Guidehouse is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.


Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.


If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.


Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.
