Vulnerability Team Lead

Edgewater Federal Solutions is currently seeking a Vulnerability Team Lead to provide support to an Edgewater Federal government contract.

The Vulnerability Team Lead will be leading critical support for the NIH Information Security’s vulnerability management program (NIH VM) as part of the Office of the CIO. They will help create a robust proactive approach for preventing unauthorized access, changes, or exploitation of vulnerabilities through mitigation, active defenses, and automated responses. The NIH VM team’s portfolio of activities includes providing vulnerability detection and remediation oversight, vulnerability research, secure baseline compliance, web application security, host-based security, network security, and acting as security subject matter experts for all of NIH.

What you will do:

• • Perform Project Management activities, including assigning tasks, 1-1 coaching, timesheet reconciliation, performance evaluations, etc.).
  • Lead the redesign, build and day-to-day operations of the vulnerability management (VM) team to include standardization of processes and managing customer expectations.
  • Effectively manage a team of vulnerability management professionals who are focused on proactively preventing the exploitation of IT vulnerabilities that exist across the
  • Successfully assign and complete VM projects, tasks, and\or initiatives on time and to NIH vulnerability management standards.
  • Maintain a schedule of all VM team projects, tasks, and/or initiatives. (Added)
  • Track all team projects, tasks, and/or initiatives in a centralized location (e.g., Microsoft Lists, Jira, etc.).
  • Provide presentations and/or communications on relevant security documents across multiple teams and various layers of Federal management. Includes preparation of VM weekly project status reports, updates to the ISSO Forum presentation, updates to the monthly Executive briefing, and ad hoc reports/presentations as required.
  • Drive actionable metrics which help ensure the team reduce the time and resources needed to detect, investigate, analyze and remediate vulnerabilities.
  • Manage performance of risk‐based assessments of current and emerging information security issues to support the mission by prioritizing remediation efforts.
  • Proactively delegate support of regular vulnerability, compliance/configuration, database, and web application scanning.
  • Provide Subject Matter Expert support and guidance to Information Security Systems Officers (ISSO), System Owners and others as needed through the risk management process and secure configuration baseline management, including regulatory and remediation compliance monitoring.
  • Apply effective problem solving and critical thinking skills to evaluate applicable solutions, conduct pilot/evaluations for proof of concepts and ultimately implement better mitigating controls.
  • Research current and emerging information security exploits, threats, and vulnerabilities and disseminate contextual information to appropriate stakeholders.
  • Facilitate exception handling, waiver processing and escalations as needed.
  • Gather and organize technical information about NIH’s security posture, its mission goals and needs, information systems, and networks. Proactively identify & troubleshoot problems within managed security tools.
  • Maintain regular communication with security leaderships on process optimization, tools tuning and resetting of VM priorities as business needs prudently recommend.

• • Bachelor of Arts (B.A.) or Bachelor of Science (B.S.) degree, preferably in Computer Science, Information Technology, Electrical Engineering, or related field. Will consider an associate’s degree, military and/or combined years of hands-on experience.
  • 8 or more years of professional work experience with at least 5 years in Vulnerability Management, Threat Intelligence, SOC and/or Penetration Testing.
  • 3 or more years managing\supervising a team of diverse skillsets.
  • Information Security-related certification(s) such as Security+, CEH, CISSP, etc.
  • PMP certification.
  • Expertise with enterprise Vulnerability Management platforms such as Tenable, NetSparker, Nessus, etc.
  • Strong problem‐solving capabilities and the ability to effectively communicate solutions.
  • Must be a US Citizen with the ability to pass a Public Trust security clearance\background investigation.
  • Solid experience in a rapid paced, time-sensitive, and highly collaborative environment.
  • Experience with engineering and management of security scanning tools in an enterprise environment to include installation, configuration, usage, and troubleshooting.
  • Demonstrated expertise with multiple Windows, Mac OS, Unix-based operating systems.
  • Excellent verbal and written communication skills; ability to build strong relationships with key stakeholders.
  • Proficient in MS Office 365 suite (Word, PowerPoint, Excel).
  • Thorough understanding of cyber security, protocols, network topologies, and perimeter security devices (proxies, IPS, IDS, Firewall, and packet analyzers), and network security design.
  • Ability to take direction and achieve quality results, independently strive for personal excellence when completing tasks.

About Us:

Edgewater Federal Solutions is a privately held government contracting firm located near Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services, and timely delivery. Edgewater is ISO 9001, 20000-1, 27001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Small Companies from 2018-2024.

It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, marital status, veteran status, and/or other status protected by applicable law. #LI-KC1