Urgent and Immediate opportunity for a REMOTE, SW Vulnerability Technical Lead/Manager to join our clients team to support a long-term government contract. The selected candidate will have a Secret Clearance, Security+ certification, and 7-10 years of IT/Cybersecurity experience, specifically with management and operations of Static, Dynamic, open source, and web vulnerability scanning; and/or manual review of source code for vulnerabilities.
- Serve as the Technical Lead for Software Vulnerability Management Suite of Tools and daily operations
- Serve as a Line Manager for staff supporting Cybersecurity Software Vulnerability Management Suite of Tools (Sonatype, Fortify, WebInspect, Burp, etc), ranging from a staff of 1 to 5 staff members over the life of the contract
- Manage/oversee and or directly perform analyst and engineering duties. Provide surge support when the assigned analyst and engineer need to meet daily operations objectives
- Analyst Functions
- Maintain a POA&M inventory of applications
- Review POA&M submissions, evaluate compliance, non-compliance, N/As, and false positives and prioritize recommendations for the development team.
- Implement any necessary REST APIs in order to provide access to core features for custom implementations as require in order to meet organization-s needs
- Support DevSecOPS integration
- Provide SAST Product suite installation, configuration and tuning
- Manage external data feeds integration (Dynamic Application Security Testing, Static Application Security Testing, Open Source Vulnerability Scanner, etc.) into the Security Center
- Conduct security evaluations of recommended vendor software for the enterprise
- Collaborate with AppSec tool suite vendors.
- Collaborate with leadership to develop metrics based on enterprise situational awareness and monitoring
- Provide Central Application Vulnerability Management (CAVM) performance metrics
- Track, measure and evaluate application security compliance across the enterprise