Apply Now    

Cyber Vulnerability Manager

Req #: 135064
Location: Linthicum, MD US
Job Category: Information Technology
Minimum Clearance Required: Secret

Job Description

Summary:  CACI is in search of a qualified Vulnerability Manager.  The Vulnerability Management position will provide technical support the DoD Vulnerability Disclosure Program (VDP) for the Defense Cyber Crime Center (DC3). These activities directly support the mission to improve defense of the DoD Information Network (DoDIN), by receiving, validating, and disseminating cybersecurity vulnerabilities reported by private-sector researchers. Duties and Responsibilities: - The VDP team tracks and analyzes reported vulnerabilities and mitigation actions by systems owners to identify gaps in DoDIn defenses; areas requiring increased attention, and areas for improvement. - This position performs technical validation and initial severity assessment of externally-reported web security vulnerabilities. EDUCATION & EXPERIENCE: Typically requires a bachelor's degree or equivalent and 10 to 12 years related experience. Master's degree or doctorate in field mathematics, telecommunications, electrical engineering, computer engineering, or computer science is preferred.   - 18-22 years of professional experience without a degree; or 10-14 years of professional experience with a Bachelor's degree from an accredited college in a related discipline, or equivalent experience/combined education; or 8-12 years of professional experience with a related Master's degree; or 4 years of professional experience required with a related PhD or JD; Considered an emerging authority / authority in discipline. Consideration should always be given for the level of specific domain expertise.   Required Qualifications: - Expert technical understanding of software and web application security (e.g., security headers, TLS configuration, secure design and coding practices) and vulnerabilities (e.g. XSS, SQLi, XXE, injection and inclusion) - Demonstrated technical ability to validate web vulnerabilities on live DoD web properties using manual techniques and common tools - Demonstrated ability to recognize, interpret, and communicate in information assurance vulnerability management (IAVM), Risk Management Framework (RMF), and security technical implementation guides (STIGs) - Demonstrated knowledge of various software testing methodologies, test case creation and the reporting process - Knowledge of current DoD cyber security challenges and threats - Knowledge of common web application architecture and programming techniques, including common languages (e.g., JavaScript, PHP, SQL) - Exceptional verbal and written communication skills; ability to provide expert review of accurate and timely technical reports for release for external customers - Ability to work multiple tasks and flexibility to adapt to dynamic work environment to meet organizational requirements - Ability to use sound judgement when conducting live testing to avoid or minimize impact to production services and data - Superior organizational skills to analyze, develop, and deliver detailed reports to meet short suspense windows - Certifications (any): CISSP, CEH, GCIH, Network+, Security+, A+, CCNA Desired Skills: - Demonstrated experience leading a team - Demonstrated experience with ISS and Apache servers - Demonstrated knowledge of Python, CGI gateways and other application development and web design - Demonstrated knowledge of industry standard applications such as BURP, Netsparker, and Zed Attack Proxy   PHYSICAL DEMANDS: Normal demands associated with an office environment. Ability to work on computer for long periods, and communicate with individuals by telephone, email and face to face. Some travel may be required.

Job Location

US-Linthicum-MD-BALTIMORE


 

CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.

Apply Now