​The Vulnerability Engineer will support vulnerability remediation efforts for the DMDC IT GEMS engagement. Candidates should have a strong in-depth knowledge of the Windows OS (Windows Workstation and Windows server) as well as a foundational knowledge of LINUX/UNIX OS, networking, databases, and other IT Technologies required. Working knowledge of DevSecOps functionality a plus. I this role you will collaborate with technical and compliance teams across the organization.

Primary Location: Washington D.C., or Seaside, CA

Hybrid (occasional on-site required): Average 1 day per week at Mark Center or Seaside

Requirements:

• Curren DoD Secret Clearance  
• 5+ years of operational experience in vulnerability management or security engineering with a working knowledge of OS hardening/compliance/DISA STIGs.
• Position requires 8570 Certification (e.g. Security +, CISSP).
• Experience in Information Technology/Vulnerability Management/Cybersecurity
• Demonstrate deep technical knowledge in the management and configuration of operating systems, networks, and software including knowledge of OS authentication mechanisms, permissions, and a solid understanding of networking
• In-depth knowledge of network protocols, operating systems, and common vulnerabilities.
• Familiarity with security frameworks and standards (e.g., NIST, ISO 27001)

Desired Skills:

•  Working knowledge of ACAS. Knowledge of PowerShell. Experience with MECM, Tanium, and MDE a plus
• Understanding of DISA STIGs and Information Assurance Vulnerability Management (IAVM) Program
• Working knowledge of Red Hat Advanced Cluster Security for Kubernetes (StackRox) and Splunk strongly desired. Strong critical thinking, communication, and organizational skills
• Capable of performing trend and analysis of vulnerability scan data and preparation of weekly metrics for presentation to leadership
• Demonstrate broad security experience, which must include vulnerabilities, risks, and security mechanisms that are common in today's government systems​