TheVulnerability Management Team member will provide technical support to the DoD Vulnerability Disclosure Program (VDP) for the Defense Cyber Crime Center (DC3). These activities directly support the mission to improve defense of the DoD Information Network (DoDIN), by receiving, validating, and disseminating cybersecurity vulnerabilities reported by private-sector researchers. The VDP team tracks and analyzes reported vulnerabilities and mitigation actions by systems owners to identify gaps in DoDIn defenses; areas requiring increased attention, and areas for improvement.This position performs technical validation and initial severity assessment of externally-reported web security vulnerabilitiesThe selected employee will possess and applies expertise on multiple complex work assignments. Assignments may be broad in nature, requiring originality and innovation in determining how to accomplish tasks. Operates with appreciable latitude in developing methodology and presenting solutions to problems. Contributes to deliverables and performance metrics where applicable.Qualifications: 13 years of professional experience without a degree; or 5 years of professional experience with a Bachelors degree from an accredited college in a related discipline, or equivalent experience/combined education; or 3 years of professional experience with a related Masters degree; or no experience required with a related Ph.D. or JD. Consideration should always be given for the level of specific domain expertise.Required Skills:Expert technical understanding of software and web application security and common vulnerabilities (CWE, CVE)Demonstrated technical ability to validate web vulnerabilities on live DoD web properties using manual techniques and common toolsDemonstrated ability to recognize, interpret, and communicate in information assurance vulnerability management (IAVM), Risk Management Framework (RMF), and security technical implementation guides (STIGs)Demonstrated knowledge of various software testing methodologies, test case creation and thereporting processKnowledge of current DoD cybersecurity challenges and threatsKnowledge of common web application architecture and programming techniques, including common languages (eg, JavaScript, PHP, SQL)Familiar with Layer 2/3 network and security appliance capabilities; familiar with TCP/IP protocol stackStrong verbal and written communication skills; ability to provide expert review of accurate and timely technical reports for release to external customersFlexibility to adapt to a dynamic work environment to meet organizational requirementsAbility to use sound judgment when conducting live testing to avoid or minimize impact to production services and dataSuperior organizational skills to analyze, develop, and deliver detailed reports to meet short suspense windowsAware of industry trends; IoT, ICS/SCADA, containerization technologies, Dev-Sec-OpsCertifications (any): CEH, GCIH, Security+, CCNA Cyber Ops, GWAPT, GPEN, OSCP, OSWEDesired Skills:Certifications (any): CEH, GCIH, Security+, CCNA Cyber Ops, GWAPT, GPEN, OSCP, OSWEStrong attention to detail and the ability to prepare documents for customer review