1,946 Security Auditing jobs in the United States

At Agile Defense we know that action defines the outcome and new challenges require new solutions. Thats why we always look to the future and embrace change with an unmovable spirit and the courage to build for what comes next.

Our vision is to bring adaptive innovation to support our nation's most important missions through the seamless integration of advanced technologies, elite minds, and unparalleled agilityleveraging a foundation of speed, flexibility, and ingenuity to strengthen and protect our nations vital interests.

Requisition #:

Job Title: Vulnerability Assessment Analyst III|Exempt

Job Title for Careers Page: Senior Tenable Security Engineer

Location: 14th and C Streets, SW Washington D.C., District of Columbia 20228 AND/OR 9000 Blue Mound Road, Fort Worth, TX 76131

Clearance Level: Active DoD -

Required Certification(s):

Tenable Vulnerability Management, Tenable Security Center, or Tenable OT Security certification is required.

CISSP or equivalent is required

SUMMARY: The Bureau of Engraving and Printings (BEP's) core mission is to design and manufacture high-quality security documents that meet customers' requirements for quality, quantity, and performance, as well as counterfeit deterrence. This position will serve as the Subject Matter Expert leading the development, improvement, integration, deployment, and ongoing maintenance of BEPs Vulnerability Management solution.

JOB DUTIES AND RESPONSIBILITIES

Design, develop, and customize Tenable security solutions to align with organizational security requirements and compliance needs.

Create and optimize vulnerability scanning policies, configurations, and dashboards to ensure comprehensive coverage of assets.

Continuously assess and enhance the effectiveness of Tenable tools by analyzing scan results, identifying gaps, and recommending improvements.

Update and refine scanning templates, asset groups, and vulnerability prioritization to reduce false positives and improve accuracy.

Stay updated on emerging threats, vulnerabilities, and Tenable product updates to incorporate best practices and new features.

Integrate Tenable solutions with other security tools and platforms, such as SIEM (e.g., Splunk, QRadar), ticketing systems (e.g., ServiceNow), and endpoint detection tools, to create a cohesive security ecosystem.

Plan and execute the deployment of Tenable solutions across multiple environments, ensuring minimal disruption to operations.

Monitor and maintain Tenable systems to ensure optimal performance, availability, and accuracy of vulnerability data.

Perform regular updates, patches, and upgrades to Tenable tools to address new vulnerabilities and maintain compliance.

Serve as the primary point of contact for Tenable-related queries, providing guidance to security teams, IT staff, and leadership.

Generate and present detailed vulnerability reports, metrics, and risk assessments to technical and non-technical audiences.

QUALIFICATIONS

Required Certifications

Tenable Vulnerability Management, Tenable Security Center, or Tenable OT Security certification is required.

CISSP or equivalent is required

Education, Background, and Years of Experience

Bachelors degree in Computer Science, IT, Business, Management, or related discipline from an accredited institution.

10 or more years experience in Bachelor's degree discipline. 8 or more years of experience with Tenable engineering and implementation.

ADDITIONAL SKILLS & QUALIFICATIONS

Required Skills

Experience with the administration of information systems.

Experience managing and leading technical projects.

Experience working in a cybersecurity program.

WORKING CONDITIONS

Environmental Conditions

Standard office building working within a cube and near co-workers.

Strength Demands

Sedentary 10 lbs. Maximum lifting, occasional lift/carry of small articles. Some occasional walking or standing may be required. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.

Physical Requirements

Stand or Sit; Walk; Repetitive Motion; Use Hands / Fingers to Handle or Feel; See

Employees of Agile Defense are our number one priority, and the importance we place on our culture here is fundamental. Our culture is alive and evolving, but it always stays true to its roots. Here, you are valued as a family member, and we believe that we can accomplish great things together. Agile Defense has been highly successful in the past few years due to our employees and the culture we create together.

What makes us Agile? We call it the 6Hs, the values that define our culture and guide everything we do. Together, these values infuse vibrancy, integrity, and a tireless work ethic into advancing the most important national security and critical civilian missions. It's how we show up every day. It's who we are.

We also believe in supporting our employees by offering a competitive and comprehensive benefits package. To explore the benefits we offer, please visit our website under the Careers section.

Happy - Be Infectious.

Happiness multiplies and creates a positive and connected environment where motivation and satisfaction have an outsized effect on everything we do.

Helpful - Be Supportive.

Being helpful is the foundation of teamwork, resulting in a supportive atmosphere where collaboration flourishes, and collective success is celebrated.

Honest - Be Trustworthy.

Honesty serves as our compass, ensuring transparent communication and ethical conduct, essential to who we are and the complex domains we support.

Humble - Be Grounded.

Success is not achieved alone, humility ensures a culture of mutual respect, encouraging open communication, and a willingness to learn from one another and take on any task.

Hungry - Be Eager.

Our hunger for excellence drives an insatiable appetite for innovation and continuous improvement, propelling us forward in the face of new and unprecedented challenges.

Hustle - Be Driven.

Hustle is reflected in our relentless work ethic, where we are each committed to going above and beyond to advance the mission and achieve success.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

Description

The Leidos Digital Modernization group is looking for a Vulnerability Assessment Solutions Administrator . This exciting role focuses on managing and optimizing the ACAS (Assured Compliance Assessment Solution) system, a vital tool for vulnerability assessment and security auditing, particularly within the Department of Defense. You will ensure the system operates at its best, analyze scan results, and collaborate with various teams to address identified vulnerabilities.

If you thrive in a dynamic environment and want to make a significant impact, read on!

Leidos Digital Modernization Sector is dedicated to delivering enterprise IT, digital modernization, and cyber capabilities to meet essential operational and mission objectives for the Air Force, Space Force, and Defense Agencies.

Position Responsibilities:

• Proactively mitigate information risk by ensuring proper security, monitoring, and operation of Security Center servers and logs across NIPRNet and SIPRNet environments.

• Identify and secure ECAS Scanner servers and maintain operations within the CONUS theater.

• Conduct ACAS Agent scans and differential scans adhering to DISA best practices.

• Collaborate with subscriber sites to facilitate the Cyber Operational Readiness Assessment (CORA) process.

• Ensure the integrity of the operating system environment, focusing on SecurityCenters and Nessus scanners.

• Report compliance data to senior management in response to directives and taskings.

• Maintain effective communication with IT administration teams supporting both Cloud and on-premise server infrastructure.

• Associate Nessus scanners with the correct scan zones and repositories to enhance efficiency.

• Provide multi-tiered ACAS administrator support to various stakeholders.

• Troubleshoot application errors, operating systems, server hardware, network communications, and storage issues within the ACAS environment.

• Utilize diagnostic tools and logs to identify and resolve technical problems swiftly.

• Employ the Atlassian Suite to track issues impacting system operations and suggest corrective actions.

• Review system logs to identify scanning problems and recommend effective corrective measures.

• Continuously evaluate current ACAS implementations for scans, assets, analyses, and permissions.

• Assist in installing and maintaining configuration files, custom scan policies, plug-ins, and DISA STIGs to enhance vulnerability discovery capabilities.

• Plan, document, and coordinate the implementation of updated processes and best practices for ACAS operations and maintenance.

Basic Qualifications:

• Bachelor's degree with 8+ years of relevant experience, with consideration for extensive experience in lieu of a degree.

• Possess one professional certification as outlined in DISA IASE IAT Level II DoD 8570.01 Approved Baseline and one Cyber Security Service Provider baseline certification before employment.

• DISA ACAS certification is required.

• Familiarity with the Cyber Operational Readiness Assessment (CORA) process is preferred.

• Knowledge of VPN and Active Directory functionality.

• Excellent communication skills, both written and verbal, with strong team collaboration abilities.

• Understanding of imaging processes for PCs and Laptops, and basic authentication and IP CIDR setups.

• Ability to work effectively within a dynamic cross-organizational team.

• U.S. Citizenship is required, along with an active Secret clearance.

• Strong troubleshooting skills for diagnosing and managing desktop software and hardware issues.

Ready to break things (in a good way) and build them smarter? Join us at Leidos!

Original Posting: August 8, 2025

For U.S. Positions: This job requisition will remain open for at least 3 days, closing no sooner than 3 days after the original posting date.

Pay Range:

Pay Range $104,650.00 - $189,175.00

This pay range serves as a guideline only and does not guarantee compensation. Additional factors include job responsibilities, education, experience, skills, internal equity, and applicable laws.

• Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
• Conduct and/or support authorized penetration testing on enterprise network assets.
• Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
• Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
• Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
• Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews (TSCM), TEMPEST countermeasure reviews).
• Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
• Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).

• Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
• Skill in assessing the robustness of security systems and designs.
• Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
• Skill in mimicking threat behaviors.
• Skill in the use of penetration testing tools and techniques.
• Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
• Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).
• Skill in reviewing logs to identify evidence of past intrusions.
• Skill in conducting application vulnerability assessments.
• Skill in performing impact/risk assessments.
• Skill to develop insights about the context of an organization's threat environment
• Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

• Bachelor degree or higher from an accredited college or university
  
  • Prefer an accredited Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field.
• Certifications: IAT Level 2 and Two Penetration Testing Certifications (e.g., GPEN, GWAT, GCIH, CEH, GPYC, LPT, CPT).

Position Title

Vulnerability Assessment Analyst and Penetration Tester (Contingent)

Work Location

Camp Pendleton, CA

Position Description

The Vulnerability Assessment Analyst and Penetration Tester is responsible for the delivery of continuous cyber assessments, solving complex technology problems, building tools, and identifying and influencing response to and mitigation of threats. Perform manual assessment of systems, services, and software; specializing in security issues beyond those identified by static analysis tools. The individual ensures services, applications, and websites are designed and implemented to the highest security standards. Responsible for application and hardware penetration testing, automating repetitive tasks using various scripting languages, mentoring, and leading other engineers to deliver complex penetration tests and vulnerability assessments. The individual will be expected to drive automation, tooling, efficiency, and advance the teams penetration testing capabilities. Responsible for creating threat mitigation plans.

Minimum Position Requirements:

• Five years of hands-on penetration testing experience with operating systems, web applications, and network infrastructure.

• Administrator-level knowledge of Windows and Linux Server operating systems.

• Experience with operating system security.

• Competent with testing frameworks and tools, such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire.

• Knowledge of the functionality and capabilities of computer network defense technologies, including router Access Control Lists (ACLs), firewalls, Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), antivirus/Endpoint Detection and Response (EDR), and web content filtering.

• Strong written and verbal communication skills, including the ability to explain complex technical topics to non-technical audiences.

• Possess one of the following certifications upon onboarding:

  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Web Assessor (OSWA)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Penetration Tester (GPEN)
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  • Offsec Experienced Penetration Tester (OSEP)
  • Offsec Web Expert (OSWE)

• Obtain one of the following certifications within 9 months of onboarding:

Reports To

Assigned Program Manager

Security Clearance Requirements

Secret

Travel Requirements

Travel is anticipated to be 10% - 15% within the Continental United States and 5%-10% outside the Continental United States

Benefits & Compensation

• New employees are eligible to participate in the companys benefits plan on their day of hire unless
• Medical Insurance
• Vision & Dental Insurance
• Long Term & Short-Term Disability, Group Life and AD&D Insurance 100% Employer Paid
• Flexible Spending Plan
• Health Savings Account
• 401(k) Savings Plan 100% match for the first 3% contributed plus 50% of the next 2% contributed. (no vesting period and eligibility is your date of hire).
• Paid holidays Eleven (11) per year
• Paid Time Off - One hundred-twenty (120) accrued hours per year
• Professional Development Program
• Salary will be determined based on the individuals education and experience level

noted otherwise.

Overview

Lumbee Holdings is a leading provider of IT Support, Cybersecurity and Training and Development to the Department of Defense (DoD) and other government agencies. We are seeking a dynamic and experienced Business Development Manager to drive growth and expand our presence in the defense sector.

Equal Employment Opportunity Policy Statement

It is the policy of Lumbee Tribe Holdings, Inc. and its subsidiaries (the Company) not to discriminate against any employee or applicant for employment because of race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, marital status, genetic information, mental or physical disability (and medical condition, for employees in California) or because he or she is a protected veteran. It is also the policy of the Company to take affirmative action to employ and to advance in employment,

all persons regardless of race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, marital status, genetic information, mental or physical disability (and medical condition, for employees in California) or protected veteran status, and to base all employment decisions only on valid job requirements. This policy shall apply to all employment actions, including but not limited to recruitment, hiring, upgrading, promotion, transfer, demotion, layoff, recall, termination, rates of pay or other forms of compensation and selection for training, including apprenticeship, at all levels of employment.

Employees and applicants of the Company will not be subject to harassment on the basis of race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, marital status, genetic information, mental or physical disability (and medical condition, for employees of California) or because he or she is a protected veteran. Additionally, retaliation, including intimidation, threats, or coercion,

because an employee or applicant has objected to discrimination, engaged or may engage in filing a complaint, assisted in a review, investigation, or hearing or have otherwise sought to obtain their legal rights under any Federal, State, or local EEO law is prohibited.

NOTE: These statements are intended to describe the general nature and level of work involved for this job. It is not an exhaustive list of all responsibilities, duties, and skills required of this job.

• Wintel servers that use Active Directory (AD) directory service to manage identities and relationships
• UNIX servers that are LDAP compliant
• RADIUS servers

1. Perform a credentialed scan of no more than 1500 systems.
2. Analyze scans to identify network & desktop vulnerabilities using COBIT 5 standards as a measurement;
3. Report the vulnerability immediately upon discovery of a critical vulnerability and recommend remedial steps within one (1) business day following discovery;
4. Submit a written report that:
   • Identifies vulnerability gaps
   • Recommends remedial steps required to bring the environment up to COBIT 5 standards;
5. Formally present findings to Entity Management.