Jobs · Project Management

Vulnerability Management Lead

Valiant Solutions · Washington, DC · 3 wk ago
RemoteRemoteProject ManagementFull-time

About the role

The Vulnerability Management Lead directs client's vulnerability management program across the Continuous Diagnostics and Mitigation (CDM), Web Application Surveillance Program (WASP), and Cyber Hygiene workstreams within the Cybersecurity Services Division. The lead owns the end-to-end process from discovery and scanning through remediation tracking and Plan of Action and Milestones (POA&M) closure, working across Information System Owners (ISOs), Information System Security Officers (ISSOs), the Policy, Risk & Compliance branch, and engineering teams.

Responsibilities

  • Oversee enterprise vulnerability scanning across infrastructure, web applications, containers, and cloud workloads using Tenable ONE, AquaSec, and integrated CDM tooling.
  • Direct remediation tracking from finding to closure, including communication and coordination with POA&M support within the Policy, Risk & Compliance branch.
  • Cook up with ISOs, ISSOs, compliance teams, and engineering teams to triage findings, assign ownership, and close gaps within agency and federal timelines.
  • Lead Cyber Hygiene activities, including weekly scans of internet-facing interfaces and URLs, review of CISA Cyber Hygiene reports, and distribution of issue reports to ISSOs within two business days of receipt.
  • Maintain the authoritative inventory of externally facing IPs and URLs, updated in real time and reconciled monthly.
  • Monitor digital certificate expiration, generate alerts 30 days prior to expiration, and escalate unresolved items within 10 days.
  • Lead WASP activities, including static and dynamic scans of client web applications in development and production environments, vendor plugin updates, and integration of CISA Known Exploited Vulnerabilities (KEVs) into scan coverage.
  • Deliver threat modeling analysis for critical applications and ensure WASP findings feed remediation and Cyber Hygiene dashboards.
  • Operate and maintain the CDM integration layer and ensure CDM data flows into SIEM for centralized visibility, supporting the Vulnerability (VUL) capability area and AWARE-based prioritization.
  • Develop and maintain dashboards and metrics for vulnerability management, including remediation cycle time, scan coverage, KEV exposure, certificate health, and POA&M aging.
  • Cook up with OCIO, Cyber Risk, client Vulnerability Management, and the DHS CDM PMO on program reporting and integration changes.
  • Update Vulnerability Management standard operating procedures, playbooks, and runbooks at least quarterly, or sooner when a gap or improvement is identified, with major changes reviewed by the Change Control Board.

Qualifications

  • Six or more years of cybersecurity experience, including hands-on work with operating systems (Windows, Linux) and networking (TCP/IP, routing, firewalls, segmentation).
  • At least one of the following certifications: GCIH, CISSP, CISM, or CRISC.
  • Hands-on experience with Tenable (Tenable ONE, Nessus, or Tenable.io), AquaSec, and CDM integration in a federal or large enterprise environment.
  • Working knowledge of DHS CDM Program requirements, NIST SP 800-137 (Information Security Continuous Monitoring), NIST SP 800-53 controls (in particular RA-5 and SA-11), DHS BOD 18-01, and CISA Cyber Hygiene Services.
  • Demonstrated ability to build dashboards and metrics that translate scan output into prioritized, executable remediation work for technical and executive audiences.
  • Strong written and verbal communication skills, with the ability to coordinate across ISOs, ISSOs, compliance, and engineering stakeholders.
  • Required to obtain and maintain a Non-Sensitive / High Risk (Public Trust) security clearance, Tier 4/6c.

Skills

  • Experience with AWS GovCloud and cloud-native vulnerability scanning, including container image and Infrastructure-as-Code (IaC) assessment.
  • Familiarity with CI/CD pipeline security controls and policy-as-code enforcement.
  • Experience integrating vulnerability data with SIEM and ticketing platforms such as ServiceNow.
  • Familiarity with the client Technology Standards and Products Guide and client Lifecycle Management Methodology (LMM).

Benefits

Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time Employees
Valiant contributes 25% towards Health Coverage for Family and Dependents
100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees
100% Paid Certifications
401K Matching up to 4%

Pay

Compensation is commensurate with experience.

Schedule

The Vulnerability Management Lead can expect 100% telework.

Similar jobs