Jacobs Vulnerability Management Engineer in Reston, Virginia

Vulnerability Management Engineer


“Jacobs National Security Solutions (NSS) provides world-class IT network and service management capabilities; cutting edge cyber threat awareness and cybersecurity solutions; innovative web- and software applications development; and advanced data analytics for major clients in the Intelligence Community, Department of Defense, and Federal Civilian Agencies.

Our forward-thinking solutions deliver an integrated approach to IT network design and management, full lifecycle IT service management, IT service delivery, asset management, logistics and procurement, and vendor management. We leverage the expertise and passion of our employees to conduct identity and access management, penetration testing, and vulnerability assessments for our nation’s most closely guarded agencies and networks. Our Cyber Security Operations Centers ensure safe, effective network operations for Federal clients while our data scientists are helping stop illegal acts before they can endanger Americans or our way of life.

Jacobs promotes a culture of operational excellence to create a safer, smarter, and more connected world while upholding the highest standards of compliance, quality and integrity.

We continue to thrive and need your talent and motivation to help propel us farther, faster.”

Jacobs is seeking a Vulnerability Management Engineer in Reston, VA. Duties will include:

  • Assist in applying common best practices for the industry to the customer using a knowledge base to create conceptual business models and to identify relevant issues and considerations in selecting application software packages.

  • Assess the operational and functional baseline of an organization and its organizational components, and help to define the direction and strategy for an engagement while ensuring the organizational needs are being addressed. Typical areas addressed include Human Resources, Finance, Supply, and operations.

  • Identify information technology inadequacies and/or deficiencies that affect the functional area's ability to support/meet organizational goals.

  • Support the development of functional area strategies for enhanced IT. Commensurate experience and education.

  • Responsible for conducting vulnerability scans at the network, operating system, database, and application levels on financial systems within this organization's enterprise.

  • Perform vulnerability scanning and analysis to eliminate false positives and to aggregate findings by specific best practice criteria.

  • Validate the vulnerabilities identified against the National Institute of Standards and Technology (NIST) Framework, National Vulnerability Database (NVD) and Security Best Practice standards such as CIS Benchmarks, DISA STIGs and vendor hardening standards.


  • Must obtain and maintain a Public Trust security clearance

  • Associate of Science degree in Information Technology, IT Security, Network Systems Technology or related field or equivalent experience plus one (1) to three (3) years of directly related experience or any equivalent combination of education, experience, training and certifications

  • Three (3) years of experience in Information Technology and Cybersecurity with the following techniques:

      • Vulnerability Scanning and Analysis

      • Unix/Linux (Solaris/Red Hat) and MS Windows Operating Systems

      • Network Switching/Routing and TCP/IP

      • Databases (e.g. MS SQL, Oracle, DB2)

      • Web application vulnerability scanners (e.g. Qualys WAS, WebInspect, AppScan)

      • Database vulnerability scanners (e.g. AppDetective, DbProtect)

      • General purpose vulnerability scanners (e.g. QualysGuard, Nessus)

      • Security configuration checklists (e.g. DISA STIGs, CIS Benchmarks)

      • NIST Special Publications (e.g. 800-53, 800-37)

  • Two (2) or more years of experience with and understanding of NIST 800-53, NIST 800-53A, NIST 800-30 and NIST 800-37

  • Two (2) or more years of experience performing security control assessments of all NIST 800-53 controls

  • Experience configuring and using technical assessment tools such as Nessus, HP WebInspect, AppDetective, BurpSuite, Wireshark, QualysGuard and Redseal

  • Two (2) or more years of Risk Management Framework (RMF) implementation experience

  • Proficiency in understanding the technical architecture of IT systems built using Windows, UNIX, Linux, IBM AIX, VMware, Citrix, Oracle and MySQL platforms

  • Strong documentation and communication (written and verbal) skills

  • Working knowledge of common network devices, Windows & Unix operating systems and common database platforms.

  • Experience providing recommendations for remediation and collecting evidence to verify the vulnerability no longer exists.

  • Prior experience performing full scope Risk Management processes for a federal client, to include Certification and Accreditation (C&A), FISMA Self Assessments, Technical Assessments (Vulnerability analysis, penetration testing), and Risk Assessments.

  • Experience using vulnerability and security testing tools and reviewing the results from tools such as Nessus, HP WebInspect, QualysGuard, AppDetective, and Burp Suite

  • Self-motivated and able to work in an independent manner

Preferred Qualifications:

  • Certifications such as CEH, CCNA, CCNP, GSEC and others

Essential Functions

Physical Requirements:

Most work will be done at a desk or computer.

Work Environment:

General Office environment. The work environment is fast-paced and sometimes involves extreme deadline pressures. The nature of the work requires a high degree of teamwork and cooperation with other members of the staff as well as individuals across the Company and Customers.

Equipment & Machines:

General office equipment including PC/laptop, Fax, Copiers, Shredder, Printers, Telephone, and other miscellaneous office equipment.


Attendance is critical at all times. Must be able to work a 40-hour workweek, normally Monday through Friday. However, times and days may vary depending on business requirements. Needs to be available to work overtime during critical peaks and be available to meet last minute requests for overtime should the situation occur.

Other Essential Functions:

Must be able to communicate effectively both verbally and in writing.

Grooming and dress must be appropriate for the position and must not impose a safety risk/hazard to the employee or others. Must put forward a professional behavior that enhances productivity and promotes teamwork and cooperation.

Must be able to interface with individuals at all levels of the organization both verbally and in writing. Must be well-organized with the ability to coordinate and prioritize multiple tasks simultaneously. Must work well under pressure to meet deadline requirements. Must be willing to travel as needed. Must take and pass a drug test and background check as well as a motor vehicle records check. Must be a US citizen.


Jacobs is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other characteristics protected by law. Jacobs is a background screening, drug-free workplace.

Primary Location United States-Virginia-Reston

Req ID: I2S00036C