The Cybersecurity SME is a key contract personnel who provides expert guidance and technical ... Support operational cybersecurity activities, including vulnerability scanning, IAVM compliance ...
The Cybersecurity SME is a key contract personnel who provides expert guidance and technical ... Support operational cybersecurity activities, including vulnerability scanning, IAVM compliance ...
They are known to respect a traditional work week and often extend contracts for added job security ... scan results, track and coordinate with system owners to ensure timely remediation Maintain a ...
They are known to respect a traditional work week and often extend contracts for added job security ... scan results, track and coordinate with system owners to ensure timely remediation Maintain a ...
Network Security Engineer
Lansing, MI · On-site
$50 - $60/hr
Contract (C2C) Interview Mode: Virtual Seeking a senior Network Security Engineer to lead firewall ... Design and implement enterprise vulnerability scanning programs * Deploy and manage tools such as ...
Quick apply
Apply Early
Network Security Engineer
Lansing, MI · On-site
$50 - $60/hr
Contract (C2C) Interview Mode: Virtual Seeking a senior Network Security Engineer to lead firewall ... Design and implement enterprise vulnerability scanning programs * Deploy and manage tools such as ...
Apply Early
Vulnerability Assessment Analyst
Arlington, VA · On-site
$198K/yr
You will also perform vulnerability scans and analyze results to identify weaknesses and potential ... as well as contract-specific affordability and organizational requirements. The projected ...
Vulnerability Assessment Analyst
Arlington, VA · On-site
$198K/yr
You will also perform vulnerability scans and analyze results to identify weaknesses and potential ... as well as contract-specific affordability and organizational requirements. The projected ...
Risk and Vulnerability Analyst with Security Clearance
Chandler, AZ · On-site
$80K - $128K/yr
Execute vulnerability assessments using industry-standard scanning tools across networks, systems ... and contract considerations. Depending on the position, employees may be eligible for overtime ...
Risk and Vulnerability Analyst with Security Clearance
Chandler, AZ · On-site
$80K - $128K/yr
Execute vulnerability assessments using industry-standard scanning tools across networks, systems ... and contract considerations. Depending on the position, employees may be eligible for overtime ...
Senior Artifact Scanning & Policy Engineer
Falls Church, VA · On-site
$122K - $167K/yr
This position is contingent upon contract award. The War Data Platform (WDP) is a key initiative ... from vulnerability and configuration risk. • Implements scanning stages and policy-as-code ...
Senior Artifact Scanning & Policy Engineer
Falls Church, VA · On-site
$122K - $167K/yr
This position is contingent upon contract award. The War Data Platform (WDP) is a key initiative ... from vulnerability and configuration risk. • Implements scanning stages and policy-as-code ...
Senior Artifact Scanning & Policy Engineer
Falls Church, VA · On-site
$122K - $167K/yr
This position is contingent upon contract award. The War Data Platform (WDP) is a key initiative ... from vulnerability and configuration risk. • Implements scanning stages and policy-as-code ...
Senior Artifact Scanning & Policy Engineer
Falls Church, VA · On-site
$122K - $167K/yr
This position is contingent upon contract award. The War Data Platform (WDP) is a key initiative ... from vulnerability and configuration risk. • Implements scanning stages and policy-as-code ...
Security Engineer - Junior
Lanham, MD · Remote
$80K - $110K/yr
Basic experience with vulnerability scanning tools (Tenable, Qualys, or equivalent) * Understanding ... This position is contingent upon contract award. Employment is not guaranteed and will proceed only ...
Quick apply
Security Engineer - Junior
Lanham, MD · Remote
$80K - $110K/yr
Basic experience with vulnerability scanning tools (Tenable, Qualys, or equivalent) * Understanding ... This position is contingent upon contract award. Employment is not guaranteed and will proceed only ...
Security Engineer - Junior with Security Clearance
Lanham, MD · On-site
$80K - $110K/yr
Basic experience with vulnerability scanning tools (Tenable, Qualys, or equivalent) * Understanding ... This position is contingent upon contract award. Employment is not guaranteed and will proceed only ...
Security Engineer - Junior with Security Clearance
Lanham, MD · On-site
$80K - $110K/yr
Basic experience with vulnerability scanning tools (Tenable, Qualys, or equivalent) * Understanding ... This position is contingent upon contract award. Employment is not guaranteed and will proceed only ...
Security Engineer - Junior
Lanham, MD · On-site +1
$80K - $110K/yr
Basic experience with vulnerability scanning tools (Tenable, Qualys, or equivalent) * Understanding ... This position is contingent upon contract award. Employment is not guaranteed and will proceed only ...
Security Engineer - Junior
Lanham, MD · On-site +1
$80K - $110K/yr
Basic experience with vulnerability scanning tools (Tenable, Qualys, or equivalent) * Understanding ... This position is contingent upon contract award. Employment is not guaranteed and will proceed only ...
Review scanner results and perform vulnerability prioritization based on risk based analysis for ... contract, candidates with U.S. Citizenship or GC Holders are encouraged to apply. All your ...
Review scanner results and perform vulnerability prioritization based on risk based analysis for ... contract, candidates with U.S. Citizenship or GC Holders are encouraged to apply. All your ...
Vulnerability Assessment Analyst
Alexandria, VA · On-site
$112K - $257K/yr
You'll also perform vulnerability scans and analyze results to identify weaknesses and potential ... as well as contract-specific affordability and organizational requirements. The projected ...
Vulnerability Assessment Analyst
Alexandria, VA · On-site
$112K - $257K/yr
You'll also perform vulnerability scans and analyze results to identify weaknesses and potential ... as well as contract-specific affordability and organizational requirements. The projected ...
Vulnerability Assessment Analyst
Arlington, VA · On-site
$112K - $257K/yr
You'll also perform vulnerability scans and analyze results to identify weaknesses and potential ... as well as contract-specific affordability and organizational requirements. The projected ...
Vulnerability Assessment Analyst
Arlington, VA · On-site
$112K - $257K/yr
You'll also perform vulnerability scans and analyze results to identify weaknesses and potential ... as well as contract-specific affordability and organizational requirements. The projected ...
ACAS Subject Matter Expert
Falls Church, VA · On-site
$180K - $210K/yr
This position is contingent upon contract award. Summary: ACAS Subject Matter Experts manage and operate DoD's enterprise vulnerability scanning capability based on Tenable Security Center and Nessus.
Quick apply
Apply Early
ACAS Subject Matter Expert
Falls Church, VA · On-site
$180K - $210K/yr
This position is contingent upon contract award. Summary: ACAS Subject Matter Experts manage and operate DoD's enterprise vulnerability scanning capability based on Tenable Security Center and Nessus.
Apply Early
Review scanner results and perform vulnerability prioritization based on risk based analysis for ... contract, candidates with U.S. Citizenship or GC Holders are encouraged to apply. All your ...
Review scanner results and perform vulnerability prioritization based on risk based analysis for ... contract, candidates with U.S. Citizenship or GC Holders are encouraged to apply. All your ...
Vulnerability Management Remediator (Tanium Specialist) Atlanta, GA - Onsite Long Term Contract ... Proficiency in OS administration and interpreting vulnerability scan results. * Familiarity with ...
Vulnerability Management Remediator (Tanium Specialist) Atlanta, GA - Onsite Long Term Contract ... Proficiency in OS administration and interpreting vulnerability scan results. * Familiarity with ...
Vulnerability Assessment Analyst-Arlington,Virginia
Springfield, VA · On-site
$198K/yr
You will also perform vulnerability scans and analyze results to identify weaknesses and potential ... as well as contract-specific affordability and organizational requirements. The projected ...
Vulnerability Assessment Analyst-Arlington,Virginia
Springfield, VA · On-site
$198K/yr
You will also perform vulnerability scans and analyze results to identify weaknesses and potential ... as well as contract-specific affordability and organizational requirements. The projected ...
Vulnerability Analyst, Journeyman
Herndon, VA · On-site
$80K - $128K/yr
Execute vulnerability scans (ACAS, Forescout, Nessus, etc.), review results, and validate findings ... and contract considerations. Depending on the position, employees may be eligible for overtime ...
Vulnerability Analyst, Journeyman
Herndon, VA · On-site
$80K - $128K/yr
Execute vulnerability scans (ACAS, Forescout, Nessus, etc.), review results, and validate findings ... and contract considerations. Depending on the position, employees may be eligible for overtime ...
... for a contract opportunity in Plano, TX. Security Analyst Job Details The Security Analyst manages and operates vulnerability scanning solutions and enables the discovery, reporting, and ...
... for a contract opportunity in Plano, TX. Security Analyst Job Details The Security Analyst manages and operates vulnerability scanning solutions and enables the discovery, reporting, and ...
Senior Vulnerability Engineer W2 Hiring
$103K - $142K/yr
Contract Interview: Phone/Skype The Senior Vulnerability Engineer is a hands-on role responsible ... Experience with vulnerability scanning and exposure management tools (e.g., Rapid7, Wiz) and ...
Senior Vulnerability Engineer W2 Hiring
$103K - $142K/yr
Contract Interview: Phone/Skype The Senior Vulnerability Engineer is a hands-on role responsible ... Experience with vulnerability scanning and exposure management tools (e.g., Rapid7, Wiz) and ...
Contract Vulnerability Scanning information
See salary details
$12.98 - $13.83
2% of jobs
$13.83 - $14.69
11% of jobs
$15.54 is the 25th percentile. Wages below this are outliers.
$14.69 - $15.54
11% of jobs
$15.54 - $16.39
17% of jobs
The median wage is $16.77 / hr.
$16.39 - $17.24
19% of jobs
$17.24 - $18.09
14% of jobs
$18.22 is the 75th percentile. Wages above this are outliers.
$18.09 - $18.95
7% of jobs
$18.95 - $19.80
8% of jobs
$19.80 - $20.65
3% of jobs
$20.65 - $21.50
3% of jobs
$21.50 - $22.36
4% of jobs
$12
$17
$22
How much do contract vulnerability scanning jobs pay per hour?
What is contract vulnerability scanning?
What are some common challenges faced by professionals in Contract Vulnerability Scanning roles?
What is the difference between Contract Vulnerability Scanning vs Penetration Tester?
| Aspect | Contract Vulnerability Scanning | Penetration Tester |
|---|---|---|
| Primary Focus | Automated identification of security vulnerabilities in systems | Manual and automated testing to exploit vulnerabilities and assess security |
| Tools & Techniques | Vulnerability scanners, automated tools | Custom scripts, penetration tools, manual testing |
| Work Environment | Typically performed remotely or on client sites, within security teams | Often on-site, conducting simulated attacks |
| Certifications | CompTIA Security+, CISSP, CEH | OSCP, CEH, GPEN |
Contract Vulnerability Scanning involves automated tools to identify security weaknesses, while Penetration Testers perform manual and automated testing to exploit vulnerabilities. Both roles require security certifications but differ in approach and scope, with vulnerability scanning being more automated and penetration testing more hands-on.
What are the key skills and qualifications needed to thrive as a Contract Vulnerability Scanning Specialist, and why are they important?
Job description
Cybersecurity SME JR
Alexandria, VA
Are you ready to enhance your skills and build your career in a rapidly evolving business climate? Are you looking for a career where professional development is embedded in your employer’s core culture? If so, Chenega Military, Intelligence & Operations Support (MIOS) could be the place for you! Join our team of professionals who support large-scale government operations by leveraging cutting-edge technology and take your career to the next level!Â
The Cybersecurity SME is a key contract personnel who provides expert guidance and technical leadership, leading the contractor cybersecurity personnel, supporting, and representing the AGC Information System Security Manager (ISSM) in customer and management/leadership meetings for the area of cybersecurity.
Responsibilities
- Report on and perform Continuous Monitoring on all AGC-supported systems and networks; identify, mitigate, and resolve cybersecurity incident issues and concerns
- Develop guidelines/plans, analyses, reviews, and mitigations in the areas of security incident response and mitigation strategies, vulnerability scanning, writing security assessments, and other cybersecurity-related activities and mandates
- Respond to all cybersecurity notices as directed by the Cyber Security Service Provider (CSSP) and pertinent service providers, take action to comply with security notices, and record compliance
- Provide technical support, including documentation, to enable required AGC systems to meet the requirements of receiving an Authority to Operate (ATO) accreditation decision via the Department of Defense (DoD) Risk Management Framework (RMF)
- Support operational cybersecurity activities, including vulnerability scanning, IAVM compliance, STIG and SRG application, assessment, and remediation, and POA&Ms
- Support cybersecurity governance, risk, and compliance by providing plans, policies, and procedures relevant to AGC’s systems, applications, and networks, including AGC GovCloud (L2/L4), and other accredited systems/applications.
- Manage accreditation and continuously monitor activities, as well as the vulnerability management and incident response functions for all supported systems and networks.
- Support operational cybersecurity activities, including vulnerability scanning, IAVM compliance, STIG and SRG application, assessment, and remediation, and POA&M.
- Support cybersecurity governance, risk, and compliance by providing plans, policies, and procedures relevant to AGC’s systems, applications, and networks, including AGGC-R Cloud and/or AGC Army AWS Cloud, C2IE, OHASIS.
- Maintains AGC’s Tenant Security Plans (TSP) for SIPR and NIPR, Authority to Operate (ATO) for JWICS and Interim Authority to Test (IATT), Approval to Connect (ATC), and any other documentation necessary to support AGC’s network connections and mission systems.
- Manage the eMASS records for AGC’s mission systems and enclaves, create and track POA&Ms, track IAVM and STIG compliance, and manage eMASS artifacts necessary to support evidence for applicable security controls.
- Support RMF activities, including categorization of systems IAW NIST SP 800-60, selection of security controls IAW CNSSI 1253 and NIST SP 800-53, assessment of security controls IAW NIST SP 800-53A, development and implementation of Continuous Monitoring Plans IAW NIST SP800-137, STIG Traceability Matrix, hardware/software/firmware list, and System Security Plan (SSP).
- Participate in the configuration process (CM) through representation on the Technical Review Board (TRB) and Configuration Control Board (CCB) and provide a security impact assessment for changes submitted through Request for Change (RFCs).
- Responsible for the continuous monitoring of AGC’s systems, applications, and networks
- Configure vulnerability scanning, analyze results, and close or mitigate findings.
- Organize the assessment of AGC GISO IT assets using applicable STIGs, SRGs, and/or vendor supply hardening guidelines.
- Responsible for configuring AGC GISO IT assets for vulnerability scanning and ensuring 100% coverage using credentialed scans.
- Coordinate with RNEC-NCR, C5ISR, GISA, and other Army enterprise service providers, as necessary, to ensure vulnerability assessment tools are in place and working properly.
- Analyze vulnerability scan results and resolve open findings for findings that cannot be closed, create a POA&M, and recommend mitigation(s) to lessen the impact of the vulnerability; submit Operational Impact Statements (OIS) for Critical and High IAVAs.
- Create a POA&M and recommend mitigation(s) to lessen the impact of the vulnerability IAW with ARCYBER OPORD 2016-129, submit Operational Impact Statements (OIS) for Critical and High IAVAs.
- Support response procedures for cybersecurity incidents, like breaches, spills, and insider threat actions.
- In coordination with the ISSM and IA Officer, all cybersecurity documentation required for accreditation for AGC’s GISO assets, including but not limited to: architecture diagrams, boundary diagrams, data flow diagrams, ports, protocols, service exception requests, PKI certifications, IA metrics, and Privacy Impact Assessments (PIA) in the requisite cybersecurity document repository.
- Identify, mitigate, and resolve cybersecurity incident issues and concerns
- Develop guidelines/plans, analyses, reviews, and mitigations in the areas of security incident response and mitigation strategies, vulnerability scanning, writing security assessments, and other cybersecurity-related activities and mandates.
- Provide technical support, including documentation, to enable AGC systems to meet the requirements of receiving an Authority to Operate (ATO) accreditation decision via the Department of Defense (DoD) Risk Management Framework (RMF).
- Provide input to the weekly and monthly status report covering technical activities for this functional area, including priorities, tasks, accreditation due dates and schedules, POA&M status, metrics, continuous monitoring tasks, etc.
- Other duties as assigned
Qualifications
- BA/BS degree preferred
- 5+ years of relevant experience with DoD in an IA/Cybersecurity role preferred
- DoD 8570.01-M IAM II required
- IASE III certifications preferred
- Active TS/SCI clearance required
Knowledge, Skills, and Abilities:
- Trained and experienced with DoD vulnerability scanning tools, including Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol Compliance Checker (SCAP), Security Technical Implementation Guide (STIG) Viewer, Endpoint Security Solution (ESS), and AWS GovCloud security tools, including AWS Security Hub, Amazon Inspector, AWS Config, Amazon GuardDuty, Amazon Detective, and Amazon Macie.
- Must be proficient with related automated tools, including but not limited to the Enterprise Mission Assurance Support Service (eMASS), Host-Based Security System (HBSS), and Assured Compliance Assessment Solution (ACAS).
- Shall possess expert knowledge and in-depth experience with:
- Application and system assessment, determination of accreditation requirements (Assess Only, ATO, IATT, etc.).
- Categorization of information systems and/or data types IAW NIST SP 800-60 Vol II.
- Establishment of Security Requirements Traceability Matrix, which identifies applicable DISA STIGs and SRGs.
- Selection of security controls per NIST SP 800-53 and CNSSI 1253.
- Writing System Security Plan (SSP), associated security controls assessment artifacts, and PO&AMs.
- Application of DISA STIGs and SRGs.
- Management of security controls assessment artifacts in eMASS in preparation of packages for RMF (DoDI 8510.01, NIST SP 800-37) processes.
- Evaluation of security controls per NIST SP 800- 53A.
- Implementation of continuous monitoring solutions per NIST SP 800-13
- Knowledge and experience with current DoD and Army IA policies and procedures, RMF certification and accreditation procedures and requirements, APMS reporting procedures, and an understanding of the unique acquisition community IA issues.
- Familiarity with Army and DoD regulations concerning IA implementation
- Able to lead/oversee Program Protection Planning (PPP) and Security Classification Guide development and production for developmental and production systems.
- Knowledge and experience in the security sub-disciplines supporting Army IA, certification and accreditation, IA security testing, and security management for both developmental and production systems, including but not limited to Communications Security, Physical Security, OPSEC, Risk Assessments, Personnel Security, Tempest, Network Security, Security Inspections, and User Training.
- Must have advanced working knowledge of a variety of computer software applications in word processing, spreadsheets, database (MSWord, Excel, Access, PowerPoint), and Outlook.
How you’ll growÂ
At Chenega MIOS, our professional development plan focuses on helping our team members at every level of their careers to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn.Â
We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their careers.Â
BenefitsÂ
At Chenega MIOS, we know that great people make a great organization. We value our team members and offer them a broad range of benefits.Â
Learn more about what working at Chenega MIOS can mean for you.Â
Chenega MIOS’s cultureÂ
Our positive and supportive culture encourages our team members to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them be healthy, centered, confident, and aware. We offer well-being programs and continuously look for new ways to maintain a culture where we excel and lead healthy, happy lives.Â
Corporate citizenshipÂ
Chenega MIOS is led by a purpose to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our team members, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities.Â
Learn more about Chenega’s impact on the world.Â
Chenega MIOS News- https://chenegamios.com/news/Â
Tips from your Talent Acquisition TeamÂ
We want job seekers exploring opportunities at Chenega MIOS to feel prepared and confident. To help you with your research, we suggest you review the following links:Â
Chenega MIOS web site - www.chenegamios.comÂ
Glassdoor - https://www.glassdoor.com/Overview/Working-at-Chenega-MIOS-EI_IE369514.11,23.htmÂ
LinkedIn - https://www.linkedin.com/company/1472684/Â
Facebook - https://www.facebook.com/chenegamios/
#Chenega IT Enterprise Services, LLC
Qualifications:- BA/BS degree preferred
- 5+ years of relevant experience with DoD in an IA/Cybersecurity role preferred
- DoD 8570.01-M IAM II required
- IASE III certifications preferred
- Active TS/SCI clearance required
Knowledge, Skills, and Abilities:
- Trained and experienced with DoD vulnerability scanning tools, including Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol Compliance Checker (SCAP), Security Technical Implementation Guide (STIG) Viewer, Endpoint Security Solution (ESS), and AWS GovCloud security tools, including AWS Security Hub, Amazon Inspector, AWS Config, Amazon GuardDuty, Amazon Detective, and Amazon Macie.
- Must be proficient with related automated tools, including but not limited to the Enterprise Mission Assurance Support Service (eMASS), Host-Based Security System (HBSS), and Assured Compliance Assessment Solution (ACAS).
- Shall possess expert knowledge and in-depth experience with:
- Application and system assessment, determination of accreditation requirements (Assess Only, ATO, IATT, etc.).
- Categorization of information systems and/or data types IAW NIST SP 800-60 Vol II.
- Establishment of Security Requirements Traceability Matrix, which identifies applicable DISA STIGs and SRGs.
- Selection of security controls per NIST SP 800-53 and CNSSI 1253.
- Writing System Security Plan (SSP), associated security controls assessment artifacts, and PO&AMs.
- Application of DISA STIGs and SRGs.
- Management of security controls assessment artifacts in eMASS in preparation of packages for RMF (DoDI 8510.01, NIST SP 800-37) processes.
- Evaluation of security controls per NIST SP 800- 53A.
- Implementation of continuous monitoring solutions per NIST SP 800-13
- Knowledge and experience with current DoD and Army IA policies and procedures, RMF certification and accreditation procedures and requirements, APMS reporting procedures, and an understanding of the unique acquisition community IA issues.
- Familiarity with Army and DoD regulations concerning IA implementation
- Able to lead/oversee Program Protection Planning (PPP) and Security Classification Guide development and production for developmental and production systems.
- Knowledge and experience in the security sub-disciplines supporting Army IA, certification and accreditation, IA security testing, and security management for both developmental and production systems, including but not limited to Communications Security, Physical Security, OPSEC, Risk Assessments, Personnel Security, Tempest, Network Security, Security Inspections, and User Training.
- Must have advanced working knowledge of a variety of computer software applications in word processing, spreadsheets, database (MSWord, Excel, Access, PowerPoint), and Outlook.
How you’ll growÂ
At Chenega MIOS, our professional development plan focuses on helping our team members at every level of their careers to identify and use their streng...
About Chenega
Sourced by ZipRecruiter
Industry
It services
Company size
5,001 - 10,000 Employees
Headquarters location
Anchorage, AK, US