ARL Cyber

2 weeks ago


Adelphi, United States | Technology, Automation, and Management, Inc. | Full time

The Army Research Laboratory (ARL)'s mission is to discover, innovate, and transition science and technology to ensure dominant strategic land power with the ARL vision to be the nation's premier laboratory for land forces.

The Vulnerability Manager at the Army Research Laboratory is central to identifying, assessing, and mitigating vulnerabilities within the lab's vast network of classified and unclassified systems. The position supports the ARL's mission by ensuring the integrity and resilience of digital infrastructure, crucial for conducting high-stakes research and development. By effectively managing vulnerabilities, the Vulnerability Manager enables the ARL to avert potential threats, thus preserving the technological edge necessary for strategic land power dominance.

**Position Responsibilities**:

- Vulnerability analysis and reporting.
- Coordinate and collaborate with IT vulnerability patching staff to maximize the effectiveness of the vulnerability management program.
- Provide daily Assured Compliance Assessment Solution (ACAS) scan results to the IT staff for vulnerability remediation.
- Validate installation of ACAS agents on every agent-supported system and technology.
- Perform vulnerability scans on all assets under the ARL Authorizations to Operate (ATOs).
- Notify the ARL IT staff of any deficiencies with ACAS agents, credential issues, or other technical issues that cause a deficiency in vulnerability scan results and track the deficiencies until brought into compliance.
- Compare asset lists to vulnerability scans on a monthly basis to validate that all systems are being scanned and notify the IT staff and ISSM when discrepancies are identified.
- Document any assets that cannot support vulnerability scanning and include this information in the applicable A&A package.
- Ensure that all IT staff and system administrators who have vulnerability patching responsibilities receive detailed vulnerability scan results on a routine basis to support their patching timelines and requirements.
- Run new scans in ACAS to validate that IT staff has corrected deficiencies and approve the removal of systems from quarantine if applicable.
- Perform vulnerability scanning during image development to ensure that all newly deployed systems meet compliance regulations.
- Analyze vulnerability data and provide detailed and actionable reports to the government showing vulnerability compliance status, deficiencies identified, and suggestions for compliance improvements for all systems within the ARL authorization boundaries.
- Work with the RDENET System Administrators to ensure that all systems within the enclave are configured in accordance with Vulnerability Scanning, HBSS, DISA STIGs, logging, and monitoring requirements.
- Review mid-year and annual RDENET package submissions, identify any compliance deficiencies, perform risk assessments, and provide recommendations to the Configuration Control Board (CCB).
- Generate monthly vulnerability management reports to provide analysis regarding the current vulnerability compliance status of the systems that fall under the ARL ATOs.
- Conduct analysis on the STIG checklists submitted by the ARL IT support teams and provide a high-level report of the count, quality, and compliance of the submitted checklists.
- Report compliance deficiencies to the ISSM and System Owner within one business day for critical or high-risk deficiencies, or within 30 days for medium to low risk.
- Roll identified Cybersecurity compliance deficiencies into the Annual Comprehensive Compliance report.
- Submit monthly reports into the annual Comprehensive Compliance report.
- Provide quarterly reports of HBSS activities to the government and include these reports in the annual Comprehensive Compliance report.