Vulnerability Management Specialist
About the role
The Vulnerability Management Specialist at CVP is responsible for monitoring and communicating efforts related to CISA cybersecurity alerts (CVE/KEV/CyHy etc.). This includes timely notification of security tickets and follow-up with mission areas on remediation and other teams. The role also involves managing and following up on Security Incident Request (SIR) tickets, understanding CVE/KEV types and associated CISA directives, using Tenable to research and obtain detailed CVE information, utilizing Splunk to generate mission-specific reports, researching data, and exporting findings. Additionally, the role entails tracking remediation progress, updating tickets, and ensuring closure of SIRs, coordinating with CISA on false-positive review requests, managing Vulnerability Disclosure Program (VDP) for internet-facing applications, monitoring BugCrowd submissions for new vulnerable hosts or sites, creating and managing SIRs related to VDP findings, and coordinating follow-up with the impacted mission areas.
Responsibilities
- Weekly notifications (report) on Log4J vulnerabilities for all mission areas and Iranian CVEs and follow up on remediation progress.
- Process and notify monthly CyHy Web Application Scan (WAS) report by mission area and provide trend analysis on vulnerabilities, severity levels, and other issues.
- Prepare and present weekly EPVG briefing materials, including:
- Cyber Hygiene SIR ticket status
- Risky Service SIR updates
- Vulnerability Disclosure Program ticket status
- CISA Web Application Scanning findings by mission area
- Outstanding SIR tickets from 2023 onward with ongoing remediation follow-up
- Provide weekly status updates to the CDMB team on all open SIR tickets, highlighting any items older than 30 days.
- Participate in SIR ticket call rotation and work on SOPs and process updates.
- Engage with mission areas to address unresolved issues, including web application vulnerabilities and outstanding CVEs.
Requirements
Must be eligible to obtain a federal security clearance (US Citizenship Required).
- A 4-year college degree in Computer Science or related field and 2 years’ experience or 5 years’ experience in lieu of a college degree.
- Five (5) years of experience in cybersecurity.
- Experience demonstrating strong analytical, troubleshooting and problem-solving skills for cybersecurity.
- Knowledge of vulnerability management lifecycle.
- Strong report writing and data visualization skills for briefings and stakeholder updates.
- Experience with Tenable, Nessus and Splunk.
- Knowledge of NIST and FISMA guidelines.
- Security+ certification.
Qualifications
Must be eligible to obtain a federal security clearance (US Citizenship Required).
- A 4-year college degree in Computer Science or related field and 2 years’ experience or 5 years’ experience in lieu of a college degree.
- Five (5) years of experience in cybersecurity.
- Experience demonstrating strong analytical, troubleshooting and problem-solving skills for cybersecurity.
- Knowledge of vulnerability management lifecycle.
- Strong report writing and data visualization skills for briefings and stakeholder updates.
- Experience with Tenable, Nessus and Splunk.
- Knowledge of NIST and FISMA guidelines.
- Security+ certification.
Skills
Must be eligible to obtain a federal security clearance (US Citizenship Required).
- Eligible to obtain a federal security clearance (US Citizenship Required).
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not specified.
Schedule
Not specified.
Benefits
Not specified.
Pay
Not