ACAS Vulnerability Assessment Lead SME

Everforth ECS is seeking a Product Manager SME to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI‑First strategy introduced in early 2026. The WDP focuses on operational warfighting data and aims to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts. 

• This role directs enterprise vulnerabilityassessment operations using the Assured Compliance Assessment Solution (ACAS), Tenable Security Center, and Nessus scanning infrastructure to protect DoW mission systems across both unclassified and classified networks.
• Directs enterprise vulnerability assessment operations using ACAS to support DoW mission systems across unclassified and classified networks.
• Operates and sustains Tenable Security Center and Nessus scanning infrastructure to deliver continuous monitoring aligned with Risk Management Framework objectives and DoW guidance.
• Designs and configures credentialed vulnerability and compliance scans across virtualized, cloud, and onpremise environments including VMware, Windows Server, Red Hat Enterprise Linux, container platforms, and network appliances.
• Develops and maintains custom scan policies, STIG and SRG compliance profiles, authenticated scanning credentials, and assettagging structures aligned to mission criticality and operational risk.
• Analyzes vulnerability findings, validates results, performs risk categorization, and correlates findings with IAVA notifications, patch cycles, and configuration baselines.
• Coordinates remediation activities with system administrators, network engineers, and cybersecurity teams using ServiceNow, Jira, and SharePoint to track corrective actions and evidence closure.
• Produces authoritative vulnerability assessment reports, compliance dashboards, and executive summaries supporting Authorizing Officials, Senior Information Security Officers, and Combatant Command stakeholders.
• Maintains scanning infrastructure availability through lifecycle management, scanner updates, plugin maintenance, and performance tuning.
• Supports audit readiness, continuous monitoring reviews, and authorization decisions through traceable documentation and defensible reporting.
• Delivers measurable improvements in security visibility, vulnerability remediation velocity, and cyber resilience while advancing program values of mission assurance, operational readiness, accountability, and information advantage.
• Performs other duties as assigned.