Vulnerability Management Engineer

Job Title: Vulnerability Management Engineer

Job Category: Security

Time Type: Full time

Minimum Clearance Required to Start: None

Employee Type: Regular

Percentage of Travel Required: None

Type of Travel: None

* * *

The Opportunity:
CACI is searching for a Vulnerability Management Engineer to support the FEMA Office of the Chief Information Security Officer (OCISO) in Washington, D.C. As a Vulnerability Management Engineer, you will play a crucial role in ensuring the security and resilience of FEMA's information systems through comprehensive vulnerability identification, assessment, and remediation coordination. You will work in a dynamic environment, collaborating with system owners, cybersecurity professionals, and enterprise administrators to identify and eliminate security vulnerabilities. Your efforts will directly contribute to safeguarding FEMA's mission-critical systems and data. The Vulnerability Management Engineer will be responsible for leading vulnerability identification, prioritization, remediation coordination, and closure validation across the environment and assigned systems. This position requires administering scanning processes across all FEMA systems and analyzing vulnerability findings for risk and accuracy. The Vulnerability Management Engineer will monitor all FEMA systems Remediation Work Plans (RWPs) and POA&Ms daily, coordinate remediation efforts across Enterprise systems, and provide daily technical remediation support services. This role is critical for producing dashboards and surge reporting for critical vulnerabilities and ensuring remediation validation.


Responsibilities:
The Vulnerability Management Engineer will administer scanning processes across all FEMA systems and analyze vulnerability findings for risk and accuracy while monitoring all FEMA systems Remediation Work Plans (RWPs) and POA&Ms daily. This position requires coordinating remediation efforts across Enterprise systems, providing daily technical remediation support services, and supporting all remediation activities in a detailed, technical, and audit manner. The Vulnerability Management Engineer will ensure remediation validation and produce dashboards and surge reporting for critical vulnerabilities, as well as provide vulnerability reduction reports and trend analysis reports. Responsibilities include analyzing all vulnerability reports and remediation efforts and reporting to senior leadership monthly, conducting monthly POA&M remediation test events, and developing test reports within 5 days after testing. The position involves validating closure of vulnerabilities and providing monthly compliance remediation briefs while utilizing automated security authorization tools for managing remediation efforts and managing POA&Ms using automated tools. The Vulnerability Management Engineer will support internal and external audit events, track and suggest technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access, and research and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding, and network and device security and encryption.


Qualifications:

- U.S. Citizenship required  
- FEMA EOD suitability or Current DHS or FEMA EOD preferred
- BS/BA + 7 years of applicable experience in vulnerability management and cybersecurity  
- Minimum 7 years of experience in vulnerability management and cybersecurity  
- Demonstrated expertise in Nessus, ACAS, or similar vulnerability scanning tools
- Experience with automated security authorization tools
- Knowledge of vulnerability assessment methodologies and risk analysis
- Experience developing and tracking POA&Ms
- Strong analytical skills for vulnerability prioritization and trend analysis.

Desired Qualifications: 
- Previous DHS or DoD experience
- Experience with CSAM, RegScale, eMASS, or similar GRC tools
- Knowledge of DISA STIGs and security compliance frameworks
- Experience with dashboard and reporting tools (Tableau, Power BI, Splunk)
- Strong communication skills for presenting to senior leadership
- Experience supporting audit

-

What You Can Expect:

 A culture of integrity.

At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.

An environment of trust.

CACI values the unique contributions that every employee brings to our company and our customers - every day. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.

A focus on continuous growth.

Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy.

Pay Range:

There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.

The proposed salary range for this position is:

$103,800 - $218,100