• This role directs enterprise vulnerability assessment operations using the Assured Compliance Assessment Solution (ACAS), Tenable Security Center, and Nessus scanning infrastructure to protect DoW mission systems across both unclassified and classified networks.
• Directs enterprise vulnerability assessment operations using ACAS to support DoW mission systems across unclassified and classified networks.
• Operates and sustains Tenable Security Center and Nessus scanning infrastructure to deliver continuous monitoring aligned with Risk Management Framework objectives and DoW guidance.
• Designs and configures credentialed vulnerability and compliance scans across virtualized, cloud, and on premise environments including VMware, Windows Server, Red Hat Enterprise Linux, container platforms, and network appliances.
• Develops and maintains custom scan policies, STIG and SRG compliance profiles, authenticated scanning credentials, and asset tagging structures aligned to mission criticality and operational risk.
• Analyzes vulnerability findings, validates results, performs risk categorization, and correlates findings with IAVA notifications, patch cycles, and configuration baselines.
• Coordinates remediation activities with system administrators, network engineers, and cybersecurity teams using ServiceNow, Jira, and SharePoint to track corrective actions and evidence closure.
• Produces authoritative vulnerability assessment reports, compliance dashboards, and executive summaries supporting Authorizing Officials, Senior Information Security Officers, and Combatant Command stakeholders.
• Maintains scanning infrastructure availability through lifecycle management, scanner updates, plugin maintenance, and performance tuning.
• Supports audit readiness, continuous monitoring reviews, and authorization decisions through traceable documentation and defensible reporting.
• Delivers measurable improvements in security visibility, vulnerability remediation velocity, and cyber resilience while advancing program values of mission assurance, operational readiness, accountability, and information advantage.
• Performs other duties as assigned.
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
• IAM I - CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.
• 12 + years of experience in enterprise vulnerability assessment and compliance scanning using ACAS, Tenable, and Nessus across multi-domain environments.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).