Knowledge Consulting Group (KCG) is one of the largest privately held cybersecurity services firms in the United States; serving as a Federal Government Contractor and supporting Commercial customers. We operate as a trusted cyber advisor to our customers across the country. We take great pride in maintaining a single focus on being the leader in cybersecurity services, providing risk management, governance, operations, and compliance services, utilizing our CISO framework methodology. We are uniquely positioned as a trusted cyber advisor with over 90 percent of our cyber professionals holding security clearances and security-specific certifications. With over 12 years of experience in providing cybersecurity services to our customers, we have a strong record of past performance in advising and executing cyber missions for all types of organizations and sectors
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable. Public trust, Secret clearance or Top Secret clearance preferred.
The Vulnerability Remediation Engineer will be a member of a security team that will provide remote vulnerability assessments and support services primarily based on results from IT security assessments for a federal government client. Responsibilities include:
- Performing vulnerability remediation for identified issues on systems, devices, and network services available on a network
- Providing automated vulnerability scanning training (using McAfee Vulnerability Scanner (Foundstone))
- Providing solutions to recommendations for security issues and vulnerabilities identified during assessments
- Performing remote vulnerability scanning
- Providing risk mitigation planning with emphasis on technical safeguard/control implementation to include: Patch Management, Auditing and Log Management, System Boundary Security (Firewalls, Intrusion Detection/Prevention), Internal Network Access Controls (VLANs, Network Segmentation)
- Providing continuous monitoring strategy development to include: Identification of safeguard/controls to monitor, Identification of frequency of monitoring and Activities/methods of monitoring safeguards/controls
- Validating remediation task from assessment results
- Assisting with security awareness program development
- Effectively communicating solutions to clients ranging from technical staff to executive management
- Providing ongoing subject matter expert support for clients
- 8 or more years experience in analyzing security controls and developing solutions to security problems
- 5 or more years experience working with NIST IT security guidance
- Bachelor’s degree in an IT related field or equivalent education or work experience
- CISSP and/or CISA certification required
- Excellent communications and oral presentation skills
- Experience in identification and remediation of system, network, and application vulnerabilities.
- Experience in validating vulnerability scanning results and false positives
- Experience in performing vulnerability assessments using Nessus, Qualys, Foundscan, Appscan, Core Impact, NGS, nCircle, Fortify, Rapid7, NMap, Metasploit, or other assessment tools
- Experience in performing manual and/or automated security configuration reviews of network devices, servers, and workstations based on secure configuration checklists such as CIS, NSA, DSA, SANS, Microsoft, Cisco, etc.
- Experience conducting NIST 800-53 security control assessments
Strong verbal and written communication skills are highly preferred. It is highly desired that candidates possess strong interpersonal skills. Candidates must be fluent in the English language.
Candidates may be asked to provide a writing sample.
Knowledge Consulting Group is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race.