Lead Enterprise Scanning Engineer

Peraton is currently seeking an experienced Lead Enterprise Scanning Engineer to become part of our Federal Strategic Cyber Group.

Location: Beltsville MD. On-Site; Full-time.

Role Description:

Leadership and Team Management:

• Lead a team of Enterprise Scanning Engineers responsible for vulnerability compliance web application and database scanning.
• Mentor and provide guidance to team members fostering a collaborative and growth-oriented environment.

Strategic Planning and Execution:

• Develop and implement a comprehensive enterprise scanning strategy to ensure timely identification assessment and remediation of vulnerabilities across the Departments systems and networks.
• Oversee the execution of enterprise-wide operating system and application compliance verification on-site security assessments web and database vulnerability scanning and scanning of other IT assets.
• Monitor emerging security threats and vulnerabilities and develop appropriate mitigation strategies in collaboration with relevant stakeholders.

Reporting and Communication:

• Prepare and present regular reports on the effectiveness of the Departments security policies the potential impact of new vulnerabilities upon discovery and the effectiveness of measures taken to eliminate them.
• Communicate effectively with various stakeholders including system owners administrators and management to ensure timely remediation of identified vulnerabilities and compliance issues.

Vulnerability Scanning:

• Perform regular vulnerability scans across the Departments systems and networks identifying deviations from acceptable configurations and standards.
• Evaluate and prioritize identified vulnerabilities based on potential impact and risk and recommend remediation strategies and solutions.
• Collaborate with system owners and administrators to address identified vulnerabilities and ensure timely remediation.

Compliance Scanning:

• Execute enterprise-wide operating system and application compliance verification assessing adherence to established security policies and best practices.
• Develop security baseline configuration compliance and vulnerability scan policies for Department-hosted operating system platforms (e.g. Windows UNIX Linux Cisco Juniper etc.).
• Prepare audit reports identifying technical and procedural findings providing recommended remediation strategies and solutions.

Web Application Scanning:

• Conduct web application vulnerability scanning to identify potential security risks and weaknesses in web applications and services.
• Collaborate with web developers and application owners to address identified vulnerabilities and ensure the implementation of secure coding practices.
• Monitor emerging web application vulnerabilities and threats and recommend appropriate mitigation strategies.

Database Scanning:

• Perform database vulnerability scanning to identify potential security risks and weaknesses in database management systems and configurations.
• Collaborate with database administrators to address identified vulnerabilities and ensure the implementation of secure database practices.
• Monitor emerging database vulnerabilities and threats and recommend appropriate mitigation strategies.

Additional Responsibilities:

• Establish a queue management function to meet the Departments vulnerability management support service needs.
• Track and report on service request metrics such as ticket volume ticket volume by category response time and resolution time by category.
• Analyze the organizations cyber defense policies and configurations evaluating compliance with regulations and organizational directives.
• Maintain a list and schedule of all Information Systems (IS) requiring Enterprise Scanning (ES) assessments to support continuous monitoring and expeditious processing of ES assessments.
• Develop update and maintain System Design and Operations documentation

Basic Qualifications:

• Bachelors degree and a minimum of 9 years of relevant experience; 7 years with a Masters.
  • An additional 4 years of experience will be considered in lieu of degree/education.
• Possess and maintain or be able to obtain before start date one of the following professional certifications.
  • CCNA-Security
  • CND
  • CySA
  • GICSP
  • GSEC
  • Security CE
  • SSCP
• Experience assessing systems and networks to identify where systems/networks deviate from acceptable configurations and standards.
• Experience executing enterprise-wide both operating system and application compliance verification vulnerability assessments on-site security assessments web and database vulnerability scanning and scanning of other IT assets.
• U.S Citizenship required.
• Active Secret clearance.
  • Ability to obtain Top Secret clearance.

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the worlds leading mission capability integrator and transformative enterprise IT provider we deliver trusted highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land sea space air and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day our employees do the cant be done by solving the most daunting challenges facing our customers. Visit to learn how were keeping people around the world safe and secure.