Role Description:
The Senior Vulnerability Management Specialist will support the planning, operation, modernization, and continuous improvement of the Vulnerability Management and Contingency Planning Programs. Responsibilities may include:
• Manage the vulnerability management program in line with DHS CDM, NIST SP 800-137, NIST SP 800-53 (RA-5, SA-11), BOD 18-01, and CISA Cyber Hygiene Services.
• Conduct vulnerability assessments across systems, cloud, containers, and IaC; track findings through remediation and closure.
• Develop and maintain POA&Ms in CSAM (or comparable GRC system), integrating findings with SIEM and ticketing platforms like ServiceNow.
• Assess CI/CD pipeline security and policy-as-code controls to catch vulnerabilities early in development.
• Apply NIST RMF and SP 800-53 controls to support risk assessment, FISMA compliance, and adherence to CISA BODs and OMB guidance.
• Support FISMA, OIG, GAO, and independent security audits with documentation and evidence.
• Author SOPs, playbooks, policies, and risk reports; maintain enterprise vulnerability management tools.
• Brief technical and executive stakeholders on risk findings, and coordinate remediation with cross-functional and government teams.
Required Qualifications & Education:
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or a related technical discipline.
• Minimum 6 to 10+ years of progressively responsible experience in Working knowledge of DHS CDM Program requirements, NIST SP 800-137 (Information Security Continuous Monitoring), NIST SP 800-53 controls (in particular RA-5 and SA-11), DHS BOD 18-01, and CISA Cyber Hygiene Services.
• Experience supporting POA&M development, remediation tracking, and closure within Cyber Security Assessment and Management (CSAM) or a comparable governance, risk, and compliance system.
• Experience with Cloud and cloud-native vulnerability scanning, including container image and Infrastructure-as-Code (IaC) assessment.
• Familiarity with CI/CD pipeline security controls and policy-as-code enforcement.
Experience integrating vulnerability data with SIEM and ticketing platforms such as ServiceNow.
• Familiarity with the client Technology Standards and Products Guide and client Lifecycle Management Methodology (LMM).
• Working knowledge of:
o NIST Risk Management Framework (RMF)
o NIST SP 800-53 Security Controls
o Federal Information Security Modernization Act (FISMA)
o CISA Binding Operational Directives (BODs)
o OMB cybersecurity guidance
• Experience conducting vulnerability assessments, security analysis, remediation tracking, and risk reporting.
• Experience supporting security audits, including FISMA, OIG, GAO, or independent assessments.
• Experience developing technical documentation such as Standard Operating Procedures (SOPs), implementation guides, playbooks, policies, and reports.
• Experience using enterprise vulnerability management and security assessment tools.
• Strong analytical, organizational, and problem-solving skills with the ability to manage multiple priorities.
• Excellent written and verbal communication skills with experience presenting technical information to technical and executive audiences.
• Experience collaborating with cross-functional teams, stakeholders, and government customers.
• Working knowledge of DHS CDM Program requirements, NIST SP 800-137 (Information Security Continuous Monitoring), NIST SP 800-53 controls (in particular RA-5 and SA-11), DHS BOD 18-01, and CISA Cyber Hygiene Services.
• Experience supporting POA&M development, remediation tracking, and closure within Cyber Security Assessment and Management (CSAM) or a comparable governance, risk, and compliance system.
Preferred Technical Experience
• Experience with one or more of the following technologies is highly desirable:
• Tenable Nessus
• OWASP
• Microsoft Power BI
• Microsoft Teams
• SharePoint
• Splunk
• Governance, Risk & Compliance (GRC) platforms
• Agile project management tools
Preferred Certifications
• Certified Information Security Manager (CISM)
• CompTIA Security+
• Other industry-recognized cybersecurity certifications relevant to vulnerability management, risk management, or information security.
Clearance and Location Requirements:
• Able to be cleared for a Public Trust clearance.
• This is a remote position.
We're ready to discuss your needs or dive in on your cyber defense journey. Let us know how we can help.
Contact us