SW Vulnerability Technical Lead/Manager (REMOTE)

SW Vulnerability Technical Lead/Manager (REMOTE)

Vacancy expired!

Urgent and Immediate opportunity for a REMOTE, SW Vulnerability Technical Lead/Manager to join our clients team to support a long-term government contract. The selected candidate will have a Secret Clearance, Security+ certification, and 7-10 years of IT/Cybersecurity experience, specifically with management and operations of Static, Dynamic, open source, and web vulnerability scanning; and/or manual review of source code for vulnerabilities.

Responsibilities Include:

- Serve as the Technical Lead for Software Vulnerability Management Suite of Tools and daily operations

- Serve as a Line Manager for staff supporting Cybersecurity Software Vulnerability Management Suite of Tools (Sonatype, Fortify, WebInspect, Burp, etc), ranging from a staff of 1 to 5 staff members over the life of the contract

- Manage/oversee and or directly perform analyst and engineering duties. Provide surge support when the assigned analyst and engineer need to meet daily operations objectives

- Analyst Functions

- POA&MS

- Maintain a POA&M inventory of applications

- Review POA&M submissions, evaluate compliance, non-compliance, N/As, and false positives and prioritize recommendations for the development team.

Engineering Functions:

- Implement any necessary REST APIs in order to provide access to core features for custom implementations as require in order to meet organization-s needs

- Support DevSecOPS integration

- Provide SAST Product suite installation, configuration and tuning

- Manage external data feeds integration (Dynamic Application Security Testing, Static Application Security Testing, Open Source Vulnerability Scanner, etc.) into the Security Center

Vendors:

- Conduct security evaluations of recommended vendor software for the enterprise

- Collaborate with AppSec tool suite vendors.

Reports/Metrics/Documentation:

- Collaborate with leadership to develop metrics based on enterprise situational awareness and monitoring

- Provide Central Application Vulnerability Management (CAVM) performance metrics

- Track, measure and evaluate application security compliance across the enterprise

#urgent #remote