Leidos Inc
Description
We are seeking a skilled and dedicated Vulnerability Management Administrator to manage and maintain our vulnerability management program using the Nucleus Security platform. The ideal candidate will be responsible for the day‑to‑day operation of the platform, ensuring all assets are scanned, vulnerabilities are identified and prioritized, and remediation efforts are tracked and reported to stakeholders. This role is critical in helping the organization maintain a strong security posture and comply with industry regulations.
Primary Responsibilities
Platform Administration: Administer, operate, update, patch, configure, and maintain the Nucleus vulnerability management system and integrated tools.
Vulnerability Scanning: Configure, schedule, and execute regular and on‑demand vulnerability scans across various environments (on‑premises networks, cloud services, applications, etc.) using integrated scanning tools like Tenable, Qualys, or Rapid7.
Data Management: Ingest, normalize, and consolidate vulnerability data from multiple scanning tools into the Nucleus platform to create a unified view of risk.
Analysis and Prioritization: Analyze scan results, prioritize vulnerabilities based on risk, asset criticality, and threat intelligence (e.g., CISA KEV, AI‑powered insights within Nucleus), and classify their potential impact on business operations.
Remediation Coordination: Collaborate with IT, security teams, and asset owners to develop and track remediation plans, manage ticketing processes (using integrations like ServiceNow), and monitor Service Level Agreements (SLAs) for resolution.
Reporting and Metrics: Generate detailed reports, dashboards, and metrics on vulnerability trends, remediation progress, and compliance status for technical teams and senior leadership.
Process Improvement: Develop and maintain vulnerability management documentation (policies, procedures, playbooks) and automate processes where possible to improve efficiency using the Nucleus automation engine or scripting (Python, Shell).
Threat Research: Research and assess new and emerging security threats and vulnerabilities, including zero‑day events, and provide guidance on risk mitigation.
Documentation and reporting along with presentation, teamwork and DHS wide collaboration are among the expected duties and mission of the task order.
Define system security & design requirements to meet FISMA and FedRAMP compliance standards.
Provide follow‑up reports (technical findings, feedback, resolution steps taken) for root cause analysis, engineering technical assessment and process improvement initiatives.
Basic Qualifications Bachelor's Degree and 8‑10 years of experience. Additional experience may be considered in lieu of a degree.
Experience: Minimum of 2‑4 years of experience in IT security, with a focus on vulnerability management or security operations.
Technical Proficiency: Strong knowledge of vulnerability management principles and experience administering a vulnerability management platform (specifically Nucleus Security; experience with Tenable, TVM or Wiz is a plus).
Cybersecurity Knowledge: Understanding of network security protocols, system administration (Linux/Windows), cloud environments, and security best practices.
Analytical Skills: Excellent analytical and problem‑solving skills to interpret complex security data and translate technical findings into business risks.
Communication: Strong verbal and written communication skills, with the ability to effectively communicate findings and collaborate with cross‑functional teams.
Certifications (Preferred): Relevant certifications such as CompTIA Security+, Certified Ethical Hacker (CEH), or other vulnerability management specific certifications.
Preferred Qualifications
Experience working with Sepio Asset Risk Management (ARM)
Experience working in AWS and Azure
Experience working with CrowdStrike or RelativityOne is a plus
Commitment to Non-Discrimination All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.
#J-18808-Ljbffr
Primary Responsibilities
Platform Administration: Administer, operate, update, patch, configure, and maintain the Nucleus vulnerability management system and integrated tools.
Vulnerability Scanning: Configure, schedule, and execute regular and on‑demand vulnerability scans across various environments (on‑premises networks, cloud services, applications, etc.) using integrated scanning tools like Tenable, Qualys, or Rapid7.
Data Management: Ingest, normalize, and consolidate vulnerability data from multiple scanning tools into the Nucleus platform to create a unified view of risk.
Analysis and Prioritization: Analyze scan results, prioritize vulnerabilities based on risk, asset criticality, and threat intelligence (e.g., CISA KEV, AI‑powered insights within Nucleus), and classify their potential impact on business operations.
Remediation Coordination: Collaborate with IT, security teams, and asset owners to develop and track remediation plans, manage ticketing processes (using integrations like ServiceNow), and monitor Service Level Agreements (SLAs) for resolution.
Reporting and Metrics: Generate detailed reports, dashboards, and metrics on vulnerability trends, remediation progress, and compliance status for technical teams and senior leadership.
Process Improvement: Develop and maintain vulnerability management documentation (policies, procedures, playbooks) and automate processes where possible to improve efficiency using the Nucleus automation engine or scripting (Python, Shell).
Threat Research: Research and assess new and emerging security threats and vulnerabilities, including zero‑day events, and provide guidance on risk mitigation.
Documentation and reporting along with presentation, teamwork and DHS wide collaboration are among the expected duties and mission of the task order.
Define system security & design requirements to meet FISMA and FedRAMP compliance standards.
Provide follow‑up reports (technical findings, feedback, resolution steps taken) for root cause analysis, engineering technical assessment and process improvement initiatives.
Basic Qualifications Bachelor's Degree and 8‑10 years of experience. Additional experience may be considered in lieu of a degree.
Experience: Minimum of 2‑4 years of experience in IT security, with a focus on vulnerability management or security operations.
Technical Proficiency: Strong knowledge of vulnerability management principles and experience administering a vulnerability management platform (specifically Nucleus Security; experience with Tenable, TVM or Wiz is a plus).
Cybersecurity Knowledge: Understanding of network security protocols, system administration (Linux/Windows), cloud environments, and security best practices.
Analytical Skills: Excellent analytical and problem‑solving skills to interpret complex security data and translate technical findings into business risks.
Communication: Strong verbal and written communication skills, with the ability to effectively communicate findings and collaborate with cross‑functional teams.
Certifications (Preferred): Relevant certifications such as CompTIA Security+, Certified Ethical Hacker (CEH), or other vulnerability management specific certifications.
Preferred Qualifications
Experience working with Sepio Asset Risk Management (ARM)
Experience working in AWS and Azure
Experience working with CrowdStrike or RelativityOne is a plus
Commitment to Non-Discrimination All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.
#J-18808-Ljbffr