Vulnerability Management Lead
Indexed description
Please Note: This position is contingent upon contract award.
Salary Range: $115,000 - $135,000
This flagship initiative unifies 24x7x365 Security Operations (SOC), proactive threat hunting, and advanced Security Engineering and Architecture into a cohesive defensive mission. As a key leader on this program, you will drive the protection of highly sensitive, national-level financial and personally identifiable information (PII). You will be at the forefront of modernizing the agency's cyber posture, implementing advanced automation, and ensuring continuous operational resilience across a massive, highly complex federal IT enterprise.
As the Vulnerability Management Lead, you will serve as the principal technical authority for enterprise vulnerability identification, prioritization, and remediation across a large-scale federal civilian environment. Working closely with Information System Security Officers (ISSOs), Information System Owners (ISOs), compliance teams, and engineering personnel. You will drive a proactive, risk-based approach to vulnerability management, delivering measurable reductions in the agency's attack surface while ensuring continuous alignment with federal compliance requirements.
Position Responsibilities
- Oversee enterprise vulnerability scanning operations, remediation tracking, and stakeholder communication with POA&M support across the program.
- Coordinate with ISOs, ISSOs, compliance, and engineering teams to identify, prioritize, and close security gaps in a timely and risk-informed manner.
- Leads ATO, POA&M and continuous monitoring activities.
- Develop and maintain dashboards and metrics to provide real-time visibility into vulnerability management posture, trends, and remediation progress.
- Produce compliance reports and vulnerability governance data to support continuous monitoring, audit readiness, and cybersecurity decision-making.
- Manage integration of vulnerability management tools including Tenable, AquaSec, and the Continuous Diagnostics and Mitigation (CDM) program into enterprise workflows.
- Apply risk-based prioritization methodologies to ensure the most critical vulnerabilities are addressed in alignment with agency risk tolerance and compliance requirements.
- Support the review and maintenance of Plans of Action & Milestones (POA&Ms), ensuring timely and accurate tracking of identified vulnerabilities and remediation activities.
- Collaborate with SOC, threat hunting, and security engineering teams to correlate vulnerability data with active threat intelligence and hunting findings.
- Present vulnerability management findings, risk recommendations, and program metrics to both technical teams and senior government officials in a clear, actionable format.
- Develop and refine vulnerability management policies, procedures, and standard operating procedures to ensure alignment with federal regulations and agency requirements.
Required Skills
- US. Citizenship required.
- 6+ years of cybersecurity experience, with demonstrated expertise in vulnerability management, operating systems, and networking.
- Remote but within close proximity to the NCR.
- Active Public Trust 6c clearance, or the ability to obtain and maintain one.
- At least one of the following certifications: GCIH, CISSP, CISM, or CRISC.
- Hands-on experience with Tenable, AquaSec, and CDM integration in a federal or enterprise environment.
- Strong understanding of federal compliance frameworks including NIST RMF, NIST SP 800-53, FISMA, and FedRAMP requirements.
- Experience developing and maintaining POA&Ms and supporting remediation tracking within federal information system environments.
- Demonstrated ability to coordinate cross-functional teams, including ISOs, ISSOs, compliance, and engineering stakeholders, to drive vulnerability remediation efforts.
- Proven ability to translate complex technical vulnerability findings into clear, actionable language for both technical and executive audiences.
- Strong written and verbal communication skills, with a track record of producing high-quality federal security documentation.
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field or equivalent professional experience.
- One of the following certifications
- Certified Information Systems Auditor (CISA)
- Tenable Certified Security Engineer or equivalent
- AWS Cloud Practitioner or higher, with AWS GovCloud experience desired
- CompTIA Security+ or equivalent
- Familiarity with federal cybersecurity governance frameworks including IRS Publication 1075 and OMB compliance requirements.
- Prior experience working on large-scale federal civilian agency programs with complex, multi-stakeholder environments.
- Experience with cloud-native vulnerability management in AWS GovCloud or Azure Government environments.
- Ability to provide strategic guidance that enhances and optimizes an agency's overall information security and vulnerability management posture.
- Experience developing vulnerability management dashboards using tools such as Splunk, Elasticsearch, or agency-specific reporting platforms.
- Knowledge of DevSecOps pipelines and the integration of vulnerability scanning within CI/CD workflows.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We Value
- Attracting and developing top talent and high-performing teams
- Fostering a culture that is engaging, accountable, and mission-driven
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search