Information Assurance Vulnerability Manager
ICF is seeking an experienced Information Assurance Vulnerability Manager to lead and directly participate in activities associated with maintaining a comprehensive vulnerability management program to rapidly identify and respond to vulnerabilities based on threat and mission operations. The Contractor shall ensure that the CSSP has the capability to receive threat, vulnerability, and attack notifications; and take directed corrective actions to mitigate potential vulnerabilities or threats. The Contractor shall ensure the Vulnerability Management program is operated in accordance with NIST SP 800-40 and the DoD Information Assurance Vulnerability Management program.
Duties & Responsibilities:
Executing, drafting, editing, and maintaining SOP documentation [Technical/Analysis Reports, General (CDRL A001)].
Continuous Monitoring and Risk Scoring (CMRS) configuration, use, populating with ACAS results, and report generation to support the IAVM program.
Vulnerability Remediation Asset Manager (VRAM) configuration, use, populating with ACAS results, and report generation to support the IAVM program.
Managing, disseminating, interpreting, and tracking compliance with IAVM associated messages including Alerts (IAVA), Information Assurance Vulnerability Bulletins (IAVB), and Information Assurance Vulnerability Technical Bulletins (IAVT).
Testing available vendor-provided patches or remediation procedures in the lab for issues prior to implementation in the production environment. Documenting installation procedures and distributing these procedures to subscriber sites and other POCs for their use [Technical/Analysis Reports, General (CDRL A001)].
Obtaining required security policy compliance documentation and artifacts from supported entities; assessing compliance with requirements; and developing POA&M documentation for any subscriber-owned or subscriber-managed assets that cannot be patched to achieve IAVM compliance.
Implementing a DoD IAVM program utilizing risk management principles.
Providing internal status reports on IAVM activities.
Providing internal status reports on supported entities’ Cyberspace Protection Condition (CPCON) compliance status.
Participating in program reviews and onsite certification evaluations.
Configure Vulnerability Management Service (VMS) for production of DoD Secure Configuration Compliance Validation Initiative (SCCVI) tool results to meet reporting requirements to support the IAVM program.
Perform DoD SCCVI tool and manager servers and performing associated monthly and ad-hoc scans on subscriber networks. Such scans and associated IAVM compliance reporting shall be tailored to meet the needs of the individual subscriber.
Assume responsibility for the CSSP’s execution of the DoD IAVM program and oversee and direct the activities for a team of support analysts.
Support the CSSP 24x7 Watch capabilities by executing IAVM-related duties consistent with CSSP requirements during non-core business hours.
Coordinate with Incident Response and Infrastructure Support staff to meet CSSP requirements.
- 7+ years relevant IT experience
- 3+ years in a leadership position
- Bachelor's degree or equivalent experience
- Security clearance required - DOD preferred
- An advanced understanding of current threats and trends present in the Information Security and Technology field
- Advanced knowledge of network and systems technologies and security protocols
- Strong initiative and a personal interest in Information Technology Security
- People skills and the ability to communicate effectively with various clients with the ability to explain and elaborate on technical details
- Excellent written and verbal communication skills.
- Excellent analytical and problem solving skills.
Working at ICF
Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth. If you’re seeking to make a difference in the world, visit www.icf.com/careers to find your next career. ICF—together for tomorrow.
ICF is an equal opportunity employer that values diversity at all levels. (EOE – Minorities/Females/Protected Veterans Status/Disability Status/Sexual Orientation/Gender Identity). For more information, please read our EEO & AA policy.
Reasonable Accommodations are available for disabled veterans and applicants with disabilities in all phases of the application and employment process. To request an accommodation please email email@example.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Read more about non-discrimination: EEO is the law and Pay Transparency Statement.
DC Client Office (DC88)