We need a Risk-Based Asset Management Lead.
If “CVE,” “STIG,” and “baseline drift” show up in your dreams — in a good way — keep reading. You’ll oversee Vulnerability Management, Configuration Management, and Database Management as one integrated practice (not three disconnected silos) and partner with the Risk Management Program to make sure the highest-impact risks get fixed first. If you’ve scaled a vuln program, hardened databases without melting production, and can brief a CISO without melting yourself, we want to talk.
Come join us if you’re motivated to learn from others, to learn from mistakes, and to be part of a future-looking, growth-oriented team.
Let’s go Skyward together.
Lead the integrated RBAM practice across Vulnerability Management, Configuration Management, and Database Management, aligning effort with USCIS business priorities and risk tolerance.
Oversee RBAM projects end-to-end: track schedules, facilitate working sessions, and brief leadership and the Government PM/COR on status, risks, and decisions.
Run the vulnerability scanning program using approved tooling. Initiate scans, analyze results, prioritize remediation by impact and likelihood, and ensure adherence to DHS policies and federal regulations.
Continuously monitor emerging threats (CVE, NVD, CISA KEV) and translate them into a prioritized, defensible remediation backlog.
Validate and act on the DHS/CISA Cyber Hygiene Report. Partner with system owners and admins on remediation plans, track progress, and report to leadership.
Support the USCIS software approval process — evaluate new products and technologies for security, compliance, and operational fit.
Establish, document, and enforce configuration management policies, procedures, and baselines across diverse IT environments — with full traceability for changes (documented, tracked, approved, audited).
Use configuration management tooling to monitor and report on system configurations and compliance, identify drift, and resolve configuration-related risks.
Develop and maintain database hardening scripts and processes; translate audit requirements into actionable configurations and evidence artifacts.
Build and refine Splunk dashboards and reporting (and ServiceNow workflows/tickets) so VM/CM posture is visible at a glance — not buried in a spreadsheet.
Author and maintain SOPs and Playbooks for RBAM operations; contribute to the Risk Register, Weekly Status Report, and Monthly Program Management Review.
Bachelor’s degree in Information Systems / Information Technology, Computer Science, Computer Engineering, Electrical Engineering, related field, or technical degree — or 4 years of relevant experience in lieu of a degree.
An active CASP, GSEC, GSLC, CISSP, CEH, CISM, CISA, or comparable cybersecurity certification.
An active Agile certification: PMI-ACP, SAFe Agilist, CSM, or comparable.
Minimum 7 years of total professional experience, with at least 5 years of technical experience in either: (a) overseeing and managing vulnerability remediation for enterprise environments, or (b) establishing, managing, and enforcing configuration baselines across diverse IT environments — ideally both.
In-depth, working knowledge of CVE, CVSS, NVD, and the CISA KEV catalog. You can prioritize like a pro and explain the prioritization to a non-technical audience.
Deep understanding of Configuration Management principles as defined in NIST SP 800-128.
Strong, hands-on knowledge of system and database hardening best practices using DISA STIGs and CIS Benchmarks.
Familiarity with remediation across Windows, Linux, network devices, containerized environments, and cloud platforms (AWS, Azure, Google).
Hands-on experience implementing and operating SIEM tools — specifically Splunk dashboarding and reporting (creating and modifying dashboards, not just consuming them).
Experience with enterprise ticketing in ServiceNow, including building/altering workflows and reports.
Proficiency in scripting and automation: Python, PowerShell, Bash, and Splunk Search Processing Language.
Familiarity with DevSecOps and CI/CD pipeline development — enough to embed security baselines into pipelines and image-hardening processes.
Ability to incorporate security configuration baselines into CM processes and enforce through OS image hardening, automation, and audit.
Extensive hands-on experience with a wide range of database technologies, including Relational (Oracle, PostgreSQL, MySQL, MS SQL), NoSQL (MongoDB), and Cloud-native (Amazon RDS, Azure SQL, DynamoDB).
Ability to assess and secure both on-premises and cloud-hosted database environments.
Experience implementing and managing audit logging, data masking, and encryption mechanisms.
Experience using scanning tools to verify database hardening compliance and translate audit requirements into actionable configurations and evidence.
Strong written communication for SOPs, playbooks, technical decision memos, and executive-readable risk briefings.
Ability to obtain and maintain a DHS Public Trust suitability determination.
Prior experience supporting USCIS, DHS components, or other federal civilian agencies on Vulnerability or Configuration Management programs.
Active PMI certification (PMP, PgMP, or PMI-RMP) on top of the technical creds.
A genuine love for the moment a 9.8 CVSS issue goes to zero — we celebrate those here.
Medical, dental, vision insurance (fully paid for employees)
15 days of paid leave
7 days of sick leave
2 days bereavement leave
11 paid Federal holidays
Up to 40 hours for jury duty
401K with 4% employer contribution (and no vesting period)
Up to 4 weeks of paid paternity and maternity leave
Company-provided laptop
$5,000 per year for professional development
$600 per year for technical supplies and equipment
$2,000 referral bonus
Life and disability insurance
HSA and FSA
Legal Shield and ID Shield Voluntary Benefits
Opportunity to work in a collaborative, motivated team focused on modernizing government services with cutting-edge technology and innovative solutions. Who says government work can’t be exciting?
At Skyward, we are committed to creating an environment where everyone, regardless of gender, race, ethnicity, sexual orientation, disability, or background, can thrive. We support flexible working hours and remote opportunities to help maintain a healthy work-life balance for all employees, including caregivers and those with unique needs.
Offers of employment with Skyward are contingent upon acceptable results of a background investigation.
Applicants must have the ability to obtain and maintain a Public Trust security clearance due to the nature of our work as a government contractor.