Skyward IT Solutions, LLC - Risk-Based Asset Management Lead (RBAM)

• Lead the integrated RBAM practice across Vulnerability Management, Configuration Management, and Database Management, aligning effort with USCIS business priorities and risk tolerance. • Oversee RBAM projects end-to-end: track schedules, facilitate working sessions, and brief leadership and the Government PM/COR on status, risks, and decisions. • Run the vulnerability scanning program using approved tooling. Initiate scans, analyze results, prioritize remediation by impact and likelihood, and ensure adherence to DHS policies and federal regulations. • Continuously monitor emerging threats (CVE, NVD, CISA KEV) and translate them into a prioritized, defensible remediation backlog. • Validate and act on the DHS/CISA Cyber Hygiene Report. Partner with system owners and admins on remediation plans, track progress, and report to leadership. • Support the USCIS software approval process — evaluate new products and technologies for security, compliance, and operational fit. • Establish, document, and enforce configuration management policies, procedures, and baselines across diverse IT environments — with full traceability for changes (documented, tracked, approved, audited). • Use configuration management tooling to monitor and report on system configurations and compliance, identify drift, and resolve configuration-related risks. • Develop and maintain database hardening scripts and processes; translate audit requirements into actionable configurations and evidence artifacts. • Build and refine Splunk dashboards and reporting (and ServiceNow workflows/tickets) so VM/CM posture is visible at a glance — not buried in a spreadsheet. • Author and maintain SOPs and Playbooks for RBAM operations; contribute to the Risk Register, Weekly Status Report, and Monthly Program Management Review. • What we’d like you to have: • Bachelor’s degree in Information Systems / Information Technology, Computer Science, Computer Engineering, Electrical Engineering, related field, or technical degree — or 4 years of relevant experience in lieu of a degree. • An active CASP, GSEC, GSLC, CISSP, CEH, CISM, CISA, or comparable cybersecurity certification. • An active Agile certification: PMI-ACP, SAFe Agilist, CSM, or comparable. • Minimum 7 years of total professional experience, with at least 5 years of technical experience in either: (a) overseeing and managing vulnerability remediation for enterprise environments, or (b) establishing, managing, and enforcing configuration baselines across diverse IT environments — ideally both. • In-depth, working knowledge of CVE, CVSS, NVD, and the CISA KEV catalog. You can prioritize like a pro and explain the prioritization to a non-technical audience. • Deep understanding of Configuration Management principles as defined in NIST SP 800-128. • Strong, hands-on knowledge of system and database hardening best practices using DISA STIGs and CIS Benchmarks. • Familiarity with remediation across Windows, Linux, network devices, containerized environments, and cloud platforms (AWS, Azure, Google). • Hands-on experience implementing and operating SIEM tools — specifically Splunk dashboarding and reporting (creating and modifying dashboards, not just consuming them). • Experience with enterprise ticketing in ServiceNow, including building/altering workflows and reports. • Proficiency in scripting and automation: Python, PowerShell, Bash, and Splunk Search Processing Language. • Familiarity with DevSecOps and CI/CD pipeline development — enough to embed security baselines into pipelines and image-hardening processes. • Ability to incorporate security configuration baselines into CM processes and enforce through OS image hardening, automation, and audit. • Extensive hands-on experience with a wide range of database technologies, including Relational (Oracle, PostgreSQL, MySQL, MS SQL), NoSQL (MongoDB), and Cloud-native (Amazon RDS, Azure SQL, DynamoDB). • Ability to assess and secure both on-premises and cloud-hosted database environments. • Experience implementing and managing audit logging, data masking, and encryption mechanisms. • Experience using scanning tools to verify database hardening compliance and translate audit requirements into actionable configurations and evidence. • Strong written communication for SOPs, playbooks, technical decision memos, and executive-readable risk briefings. • Ability to obtain and maintain a DHS Public Trust suitability determination. • What would blow us away: • Prior experience supporting USCIS, DHS components, or other federal civilian agencies on Vulnerability or Configuration Management programs. • Active PMI certification (PMP, PgMP, or PMI-RMP) on top of the technical creds. • A genuine love for the moment a 9.8 CVSS issue goes to zero — we celebrate those here. • And now the important part. What we offer you: • Medical, dental, vision insurance (fully paid for employees) • 15 days of paid leave • 7 days of sick leave • 2 days bereavement leave • 11 paid Federal holidays • Up to 40 hours for jury duty • 401K with 4% employer contribution (and no vesting period) • Up to 4 weeks of paid paternity and maternity leave • Company provided laptop • $5,000 per year for professional development • $600 per year for technical supplies and equipment • $2,000 referral bonus • Life and disability insurance • Legal Shield and ID Shield Voluntary Benefits • Opportunity to work in a collaborative, motivated team focused on modernizing government services with cutting-edge technology and innovative solutions. Who says government work can’t be exciting! • $150,000 - $180,000 a year • We believe great work deserves great pay. That’s why we ensure our compensation is not only competitive but also fair and transparent, as required by Maryland law. Expect a salary that matches your skills, experience, and the value you bring to the table — because you’re worth it! • At Skyward, we support flexible working hours and remote opportunities to help maintain a healthy work-life balance for all employees. • Offers of employment with Skyward are contingent upon acceptable results of a background investigation. • Applicants must have the ability to obtain and maintain a Public Trust security clearance due to the nature of our work as a government contractor. • We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.