Job Description

Pueo is known for bringing the best talent and unique tools to every opportunity. Pueo's Parliament (aka workforce) is composed of professionals who are seeking the opportunity to work in a business organization that thrives on career development and independence. In support of mission and professional growth, our Parliament has supported the development of multiple patents, proprietary tools, and applications as well as trademarked processes.

Our organization emphasizes career development across multiple career environments (at the members own pace) and ensures those who contribute broadly are properly rewarded. Pueo has four career environments where every member of the parliament can participate. Each environment has opportunities available for all levels. Opportunities are framed by an employee's desires and capabilities, and we ensure challenges, growth, and unique experiences are available for employees at all levels.

Our Career Environments (Program, Functional, Service, and Leadership) provide numerous opportunities for employees to invest in their personal growth and those things that offer fulfillment. We invest in helping our members create and execute their career development plans. Our Pods (small teams of 5 or less) are comprised of personnel with similar skillsets to ensure mentorship, understanding, and peer support.

Technical Reviewers play a pivotal role in evaluating the cybersecurity posture of enterprise environments across the Intelligence Community (IC). They conduct comprehensive technical assessments and perform detailed analysis of vulnerability scans to ensure compliance with Intelligence Community Directives (ICDs), IC Technical Implementation Guides (TIGs), Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and NIST 800-53 rev 5 security controls.

GENERAL DUTIES:

• Leverage extensive expertise in vulnerability management tools, processes, and lifecycle to independently review and assess technical security controls in support of JCIP Inspections.
• Engage with site leadership and technical staff to plan and coordinate vulnerability assessments and remediation verification.
• Interview organizational subject matter experts and review documentation to validate vulnerability findings and risk prioritization using TICCL and KCoHR frameworks.
• Participate in the planning, execution, and reporting of vulnerability assessments with minimal supervision. Prepare detailed assessment deliverables.
• Clearly communicate risk impact and remediation strategies through presentations and written reports.
• Stay current with latest vulnerability management tools, techniques, threat intelligence, and IC policies.
• Travel as required to support remote inspections (8-12 weeks of travel avg some international and passport required).

REQUIRED QUALIFICATIONS:

• Possess a master's degree, with 8+ years of total experience/equivalent certifications. Master's degree may be substituted with a bachelor's degree and 5+ years of additional experience/equivalent certifications, for a total of 13+ years.
• Knowledge:
  • Proven experience with vulnerability scanning tools (e.g., Tenable Nessus, Qualys, Rapid7 Nexpose), vulnerability lifecycle management, and remediation verification.
  • Strong understanding of vulnerability risk ratings, threat intelligence integration, and mitigation strategies.
  • Familiarity with IC directives, NIST 800-53 and 800-171 security controls as they relate to vulnerability management.
• Skills:
  • Solid interpersonal and communication skills for working effectively with diverse technical teams and leadership.
  • Ability to interpret and apply STIGs, vulnerability management frameworks, and NIST controls.
  • Strong analytical skills to assess and prioritize vulnerabilities in a complex enterprise environment.
• Abilities:
  • Experience leading vulnerability management projects or teams.
  • Ability to work autonomously and escalate complex or high-risk findings appropriately.
  • Collaborative mindset to work effectively in mixed technical and programmatic teams.

• Certifications:
  • Obtain an IAT-III or Maintain IAT Level III Certification in compliance with DoD 8570.01-M and DoD Directive 8140 Cyberspace Workforce Management.
  • CASP+ CE
  • CCNP Security
  • CISA
  • CISSP (or Associate)
  • GCED
  • GCIH
  • CCSP

CLEARANCE:

• Top Secret minimum

Pueo is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. Pueo takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.