Vulnerability and Patch Management Lead

Job Description:

As a Vulnerability and Patch Management Lead at SASSI, who will join our team and support our United States Government client remotely. The Vulnerability and Patch Management Lead works closely with stakeholders and other members of the technical team to gather technical requirements and execute on deliverables. The Vulnerability and Patch Management Lead works with an integrated project team comprised of multiple technical disciplines.


Primary Responsibilities:

In this role, you will:

  • The Vulnerability and Patch Management Lead will play a leading role in driving information security analysis and vulnerability remediation.

  • Including hands on requirement updating vulnerability management policies and procedures; and leading the patch management team.

  • Regularly communicate the progress of initiatives in writing and/or in presentation to project manager/senior analyst.

  • Execute Information Security strategy to proactively identify risk and drive remediation.

  • Responsible for implementing critical security updates and patches to USG systems.

  • Tasks involve integration of electronic processes or methodologies to resolve total system problems or technology problems.

  • Complete additionally any other tasks in connection with the role but not detailed in the current job description, charged by the Project Manager.

Basic Qualifications

  • US Citizen

  • Must hold a minimum Secret clearance

  • 8 years’ experience in system engineering/analyst experience

  • 5 years specialized experience implementing security controls, performing system security testing, recommending remediation, and reporting security posture changes.

  • Experience navigating complex organizations, developing, and delivering vision through various communication strategies and presentations to senior-level executives and technical audiences.

  • Expert knowledge of LANs, WANs, VPNs, routers, firewalls, network protocols, and other security and network operations and monitoring, vulnerability analysis, PKI, data encryption, key management, data warehousing, and data mining capabilities.

  • Good understanding of security governance, compliance, and risk management principles.

  • Possesses and demonstrates a strong understanding of controls assessment techniques.

  • Familiarity with common standards, frameworks, and regulations such as:

  • NIST, ISO, COBIT, SIG, CCM, SOC-2, FAIR, HITRUST, PCI, GDPR.

  • Able to function independently and perform routine task such as:

  • Facilitate meetings, organize conference calls, deliver presentations and so forth

  • Strong analytic and problem-solving skills.

  • Strong oral & written communications to include report development and delivery.

Desired Toolsets (does not have to be all of them):

  • RedSeal

  • Tenable

  • ServiceNow

  • Microsoft TEAMs

  • Technology Harding Tools (e.g., DISA STIGs, CIS Benchmarks, Vendor Guidelines)

  • Governance Risk & Compliance (GRC) Tools (e.g., eMASS, RSA Archer, Xacta)

  • Splunk

  • Penetration Testing Tools (e.g., Nmap, Wireshark, Nessus, Metasploit, Aircrack, NetSparker, RedSeal, Burp Suite)

  • Phishing simulations

  • Cortex XDR endpoint detection and response tool

Desired Skillsets:

  • Report Writing (Technical & Non-Technical)

  • Technical Writing Techniques

  • Drafting government policies and procedures

  • Drafting government RMF SSP and A&A packages

  • Ability to perform qualitative and quantitative risk analysis

  • Zero Trust Architecture (ZTA) Design

  • Cyber Resilience Assessment Methodology

Preferred Qualifications

  • IAM III Certification Level

  • CISSP certification

  • Bachelor's degree in Computer Science, Information Systems, or other related discipline.

Full Time / Part Time

Full time


Regular / Temporary

Regular


Job Exempt (Yes / No)

Yes