Vulnerability Management Lead
Position Overview
Everforth ECS is seeking a Remote Vulnerability Management Lead who lives in close proximity to the National Capital Region (NCR) to join a premier, enterprise-scale cybersecurity program supporting a major federal civilian agency. The position is contingent upon contract award.
Position Responsibilities
- Oversee enterprise vulnerability scanning operations, remediation tracking, and stakeholder communication with POA&M support across the program.
- Cook up with ISOs, ISSOs, compliance, and engineering teams to identify, prioritize, and close security gaps in a timely and risk-informed manner.
- Lead ATO, POA&M and continuous monitoring activities.
- Develop and maintain dashboards and metrics to provide real-time visibility into vulnerability management posture, trends, and remediation progress.
- Produce compliance reports and vulnerability governance data to support continuous monitoring, audit readiness, and cybersecurity decision-making.
- Manage integration of vulnerability management tools including Tenable, AquaSec, and the Continuous Diagnostics and Mitigation (CDM) program into enterprise workflows.
- Apply risk-based prioritization methodologies to ensure the most critical vulnerabilities are addressed in alignment with agency risk tolerance and compliance requirements.
- Support the review and maintenance of Plans of Action & Milestones (POA&Ms), ensuring timely and accurate tracking of identified vulnerabilities and remediation activities.
- Collaborate with SOC, threat hunting, and security engineering teams to correlate vulnerability data with active threat intelligence and hunting findings.
- Present vulnerability management findings, risk recommendations, and program metrics to both technical teams and senior government officials in a clear, actionable format.
- Develop and refine vulnerability management policies, procedures, and standard operating procedures to ensure alignment with federal regulations and agency requirements.
- Support continuous monitoring activities and provide input into the overall security posture of the agency's federal IT enterprise.
Required Skills
- US. Citizenship required.
- 6+ years of cybersecurity experience, with demonstrated expertise in vulnerability management, operating systems, and networking.
- Remote but within close proximity to the NCR.
- Active Public Trust 6c clearance, or the ability to obtain and maintain one.
- At least one of the following certifications: GCIH, CISSP, CISM, or CRISC.
- Hands-on experience with Tenable, AquaSec, and CDM integration in a federal or enterprise environment.
- Strong understanding of federal compliance frameworks including NIST RMF, NIST SP 800-53, FISMA, and FedRAMP requirements.
- Experience developing and maintaining POA&Ms and supporting remediation tracking within federal information system environments.
- Demonstrated ability to coordinate cross-functional teams, including ISOs, ISSOs, compliance, and engineering stakeholders, to drive vulnerability remediation efforts.
- Proven ability to translate complex technical vulnerability findings into clear, actionable language for both technical and executive audiences.
- Strong written and verbal communication skills, with a track record of producing high-quality federal security documentation.
Desired Skills
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field or equivalent professional experience.
- One of the following certifications: Certified Information Systems Auditor (CISA), Tenable Certified Security Engineer, or equivalent.
- AWS Cloud Practitioner or higher, with AWS GovCloud experience desired.
- CompTIA Security+ or equivalent.
- Familiarity with federal cybersecurity governance frameworks including IRS Publication 1075 and OMB compliance requirements.
- Prior experience working on large-scale federal civilian agency programs with complex, multi-stakeholder environments.
- Experience with cloud-native vulnerability management in AWS GovCloud or Azure Government environments.
- Ability to provide strategic guidance that enhances and optimizes an agency's overall information security and vulnerability management posture.
- Experience developing vulnerability management dashboards using tools such as Splunk, Elasticsearch, or agency-specific reporting platforms.
- Knowledge of DevSecOps pipelines and the integration of vulnerability scanning within CI/CD workflows.
ECS Federal LLC
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law. Everforth ECS is the federal segment of Everforth, a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies. Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow. We Value Attracting and developing top talent and high-performing teamsFostering a culture that is engaging, accountable, and mission-driven Meet the challenge. Make a difference with Everforth ECS!