Role Description:

The Senior Vulnerability Management Specialist will support the planning, operation, modernization, and continuous improvement of the Vulnerability Management and Contingency Planning Programs. Responsibilities may include:

• Manage the vulnerability management program in line with DHS CDM, NIST SP 800-137, NIST SP 800-53 (RA-5, SA-11), BOD 18-01, and CISA Cyber Hygiene Services.

• Conduct vulnerability assessments across systems, cloud, containers, and IaC; track findings through remediation and closure.

• Develop and maintain POA&Ms in CSAM (or comparable GRC system), integrating findings with SIEM and ticketing platforms like ServiceNow.

• Assess CI/CD pipeline security and policy-as-code controls to catch vulnerabilities early in development.

• Apply NIST RMF and SP 800-53 controls to support risk assessment, FISMA compliance, and adherence to CISA BODs and OMB guidance.

• Support FISMA, OIG, GAO, and independent security audits with documentation and evidence.

• Author SOPs, playbooks, policies, and risk reports; maintain enterprise vulnerability management tools.

• Brief technical and executive stakeholders on risk findings, and coordinate remediation with cross-functional and government teams.

Required Qualifications & Education:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or a related technical discipline.

• Minimum 6 to 10+ years of progressively responsible experience in Working knowledge of DHS CDM Program requirements, NIST SP 800-137 (Information Security Continuous Monitoring), NIST SP 800-53 controls (in particular RA-5 and SA-11), DHS BOD 18-01, and CISA Cyber Hygiene Services.

• Experience supporting POA&M development, remediation tracking, and closure within Cyber Security Assessment and Management (CSAM) or a comparable governance, risk, and compliance system.

• Experience with Cloud and cloud-native vulnerability scanning, including container image and Infrastructure-as-Code (IaC) assessment.

• Familiarity with CI/CD pipeline security controls and policy-as-code enforcement.

Experience integrating vulnerability data with SIEM and ticketing platforms such as ServiceNow.

• Familiarity with the client Technology Standards and Products Guide and client Lifecycle Management Methodology (LMM).

• Working knowledge of:

o NIST Risk Management Framework (RMF)

o NIST SP 800-53 Security Controls

o Federal Information Security Modernization Act (FISMA)

o CISA Binding Operational Directives (BODs)

o OMB cybersecurity guidance

• Experience conducting vulnerability assessments, security analysis, remediation tracking, and risk reporting.

• Experience supporting security audits, including FISMA, OIG, GAO, or independent assessments.

• Experience developing technical documentation such as Standard Operating Procedures (SOPs), implementation guides, playbooks, policies, and reports.

• Experience using enterprise vulnerability management and security assessment tools.

• Strong analytical, organizational, and problem-solving skills with the ability to manage multiple priorities.

• Excellent written and verbal communication skills with experience presenting technical information to technical and executive audiences.

• Experience collaborating with cross-functional teams, stakeholders, and government customers.

• Working knowledge of DHS CDM Program requirements, NIST SP 800-137 (Information Security Continuous Monitoring), NIST SP 800-53 controls (in particular RA-5 and SA-11), DHS BOD 18-01, and CISA Cyber Hygiene Services.

• Experience supporting POA&M development, remediation tracking, and closure within Cyber Security Assessment and Management (CSAM) or a comparable governance, risk, and compliance system.

Preferred Technical Experience

• Experience with one or more of the following technologies is highly desirable:

• Tenable Nessus

• OWASP

• Microsoft Power BI

• Microsoft Teams

• SharePoint

• Splunk

• Governance, Risk & Compliance (GRC) platforms

• Agile project management tools

Preferred Certifications

• Certified Information Security Manager (CISM)

• CompTIA Security+

• Other industry-recognized cybersecurity certifications relevant to vulnerability management, risk management, or information security.

Clearance and Location Requirements:

• Able to be cleared for a Public Trust clearance.

• This is a remote position.

Washington, DC

Fully Remote

Apply now

Need help? Lets talk.

We're ready to discuss your needs or dive in on your cyber defense journey. Let us know how we can help.

Contact us