Peraton Overview

Peraton drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the worlds leading mission capability integrator and transformative enterprise IT provider, we deliver trusted and highly differentiated national security solutions and technologies that keep people safe and secure. Peraton serves as a valued partner to essential government agencies across the intelligence, space, cyber, defense, civilian, health, and state and local markets. Every day, our 22,000 employees do the cant be done, solving the most daunting challenges facing our customers.

We are an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state, or local law.

As a government contractor, Peraton abides by the following provision

Pay Transparency Nondiscrimination Provision

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of the other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractors legal duty to furnish information. 41 CFR 60-1.35(c).

Qualifications

Lead a Security Vulnerability and Compliance team who are responsible for the following:

• Leads security compliance checklist efforts for system components
• Manage all findings and POAMS and ensure the environment stays within the required Security Dashboard requirements as set by the customer
• Meet daily with the Director level customers to review POAM status, statistics, due dates for closure
• Prepares vulnerability and compliance reporting, analyzes system impact, updates stakeholders on progress of system hardening efforts
• Assists in development and implementation of technical security policies
• Provides security analysis and consultation services for product, system, and network architecture designs pertaining to vulnerability management tools
• Maintains up to date knowledge of IP network architectures
• Identifies trends and root causes of system vulnerabilities and configuration settings
• Provides risk analysis as required for projects or as necessary with recommended configuration changes
• Ensures vulnerability and compliance scanning procedures meet security requirements
• Initiates compliance and vulnerability scans using Nessus Security Center tool for configuration and vulnerability management
• Defines and updates the Security Configuration Management (SCM) baselines to meet DISA STIG requirements at least semi-annually
• Leads the quarterly SCM Baseline Compliance Reporting to client
• Performs any other Information Security duties as assigned
• Provides consultation to technical subject matter experts (SMEs) in information security support to including assisting with evidence gathering, preparing technical narratives, and conducting training
• Works with SOC counterparts to coordinate CDM and other scanning activities
• Ensures program deliverables are met with regard to vulnerability scan reports and SLA requirements.

Leads a Security Audit team who are responsible for the following:

• Oversee quarterly and yearly external and internal audits
• Responsible for all ATO activity for new systems added to the current hosting environment ( mainframe, on premise midrange and AWS GovCloud environments) or when material architectural changes occur with these environments and ATOs are needed
• Provide guidance and expertise for new security compliance policies as the new applications or tools, or SaaS offerings are brought into the boundary

Lead the scanning team who are responsible for:

• Weekly vulnerability scans using Tenable.sc
• BOD 18-01 scans
• Monthly SLA reporting - CyberScope Report
• Ad Hoc scanning for OSA - Tenable, DbProtect, and Nipper
• Customer scan requests for Nessus and DbProtect - Remedy work orders
• Monthly Nessus reports for Discovery scans and Certificate info
• CDM scanning for databases within the General Support System (GSS) (using DbProtect)
• Monthly Nipper scans/analysis of network device configuration

REQUIRED

• Must be a US Citizen.
• High Risk Public Trust, level 6C -OR-Top Secret clearance required.

The successful candidate should have a strong track record of performance in the following areas:

• Bachelors Degree in Computer Science or related field; or equivalent post high school education and/or work related experience
• 10+ years' experience in IT security
• Ability to lead and manage other security personnel
• Ability to work directly with executive level client leaders and present material in a concise and clear manner
• Experience working with compliance and regulatory program requirements especially FISMA regulated environments
• Experience analyzing network, event and security logs, and/or IDS alert logs
• Proven project management and organizational skills, specifically managing multiple concurrent projects
• Excellent analytical, problem solving, and decision-making skills, applied with a solution-focused attitude
• Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy
• Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism
• Excellent teamwork skills
• Technical experience in the following:
• Microsoft Windows Server and Desktop Operating Systems
• Microsoft Active Directory
• Microsoft SQL Server
• Oracle Database
• VMware ESX
• Red Hat Enterprise Linux (RHEL)
• Mainframe
• Firewall, HIDS/IDS, SIEM
• Vulnerability scanning tools (DbProtect, Tenable.sc, Nipper)
• Industry best practice security standards (e.g., DISA STIG, CIS, NIST, etc.)

Responsibilities

The Cyber Security Vulnerability and Assessment Manager responsibilities will be to support the Account Security Officer and other Account Security team personnel in Information Assurance and Security activities for the client. Lead a team of individuals who provide weekly and monthly scanning, POAM and finding remediation, quarterly and yearly external audits, development and maintenance of Security documentation (i.e. Security Plans), security compliance documentation, and appropriate tools, processes, and procedures in support of vulnerability and compliance initiatives. Work with the Security Team to refine current processes and procedures, and suggest and implement any new processes that will assist with fulfilling the mission of the current client contract. Act as the main point of contact and subject matter expert for vulnerability scanning/assessment activities. Work with SOC counterparts to coordinate CDM and other scanning activities. Work directly with the customer Security ISSO and CISO on Security Policies and procedures.

For Colorado Residents
Colorado Salary Minimum: $87,193.60 Colorado Salary Maximum:$186,388.80 The estimate displayed represents the typical salary range for this position, and is just one component of Peraton's total compensation package for employees. Other rewards may include annual bonuses, short- and long-term incentives, and program-specific awards. In addition, Peraton provides a variety of benefits to employees.