ACAS Vulnerability Assessment Lead SME Security Clearance

Position: ACAS Vulnerability Assessment Lead SME with Security Clearance
Job Description Everforth ECS is seeking a Product Manager SME to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax .

Please Note:

This position is contingent upon contract award. The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP focuses on operational war fighting data and aims to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

• This role directs enterprise vulnerability assessment operations using the Assured Compliance Assessment Solution (ACAS), Tenable Security Center, and Nessus scanning infrastructure to protect DoW mission systems across both unclassified and classified networks.
• Directs enterprise vulnerability assessment operations using ACAS to support DoW mission systems across unclassified and classified networks.
• Operates and sustains Tenable Security Center and Nessus scanning infrastructure to deliver continuous monitoring aligned with Risk Management Framework objectives and DoW guidance.
• Designs and configures credentialed vulnerability and compliance scans across virtualized, cloud, and on premise environments including VMware, Windows Server, Red Hat Enterprise Linux, container platforms, and network appliances.
• Develops and maintains custom scan policies, STIG and SRG compliance profiles, authenticated scanning credentials, and asset tagging structures aligned to mission criticality and operational risk.
• Analyzes vulnerability findings, validates results, performs risk categorization, and correlates findings with IAVA notifications, patch cycles, and configuration baselines.
• Coordinates remediation activities with system administrators, network engineers, and cybersecurity teams using Service Now, Jira, and SharePoint to track corrective actions and evidence closure.
• Produces authoritative vulnerability assessment reports, compliance dashboards, and executive summaries supporting Authorizing Officials, Senior Information Security Officers, and Combatant Command stakeholders.
• Maintains scanning infrastructure availability through lifecycle management, scanner updates, plugin maintenance, and performance tuning.
• Supports audit readiness, continuous monitoring reviews, and authorization decisions through traceable documentation and defensible reporting.
• Delivers measurable improvements in security visibility, vulnerability remediation velocity, and cyber resilience while advancing program values of mission assurance, operational readiness, accountability, and information advantage.
• Performs other duties as assigned. Required Skills
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).

• IAM I - CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.

• 12 + years of experience in enterprise vulnerability assessment and compliance scanning using ACAS, Tenable, and Nessus across multi-domain environments.

• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.

• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management). Desired Skills
• Active Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI) eligibility.

• Proven ability to integrate vulnerability-assessment data with CMDB and incident-response workflows to accelerate remediation cycles.

• Experience with continuous monitoring, Risk Management Framework (RMF) lifecycle, and DoW transactional controls.

• Knowledge of container-based scanning and multimodal network protection in virtualized and cloud environments.

• Familiarity with…