Senior Information Security Engineer Vulnerability Manager

• Manage enterprise vulnerability management platforms (e.g. Tenable Qualys Rapid7) and ensure timely scanning reporting and remediation tracking.
• Perform risk-based analysis of vulnerabilities develop mitigation plans and escalate issues requiring urgent remediation.
• Integrate threat intelligence to prioritize vulnerabilities based on exploitability industry trends and business impact.
• Establish and maintain vulnerability KPIs metrics and executive reporting dashboards.

• Design implement and maintain security controls and safeguards across networks endpoints and cloud environments (AWS Azure or hybrid).
• Automate security operations tasks using scripts or tools (Python PowerShell Bash or AWS Lambda).
• Collaborate with IT and DevOps teams to integrate vulnerability management into CI/CD pipelines and cloud workloads.
• Conduct regular security assessments penetration test remediation support and continuous monitoring activities.

• Support compliance with federal frameworks (FedRAMP NIST SP 800-53 NIST SP 800-171/CMMC FISMA etc.).
• Document processes remediation plans and compliance evidence in alignment with client requirements.
• Provide recommendations for continuous improvement of security posture and policy enforcement.

• Partner with cross-functional teams (IT Development Operations and Compliance) to ensure vulnerabilities are remediated in a timely risk-based manner.
• Provide technical leadership and mentorship to junior security engineers and analysts.
• Participate in client-facing meetings and presentations as a subject matter expert in vulnerability and threat management.

• Required:
• U.S. Citizenship and ability to obtain/maintain Public Trust clearance
• Bachelors degree in Computer Science Cybersecurity or related field OR 5 years of equivalent hands-on experience
• Proven experience in vulnerability management security engineering or penetration testing
• Strong knowledge of IT infrastructure networking and cloud environments (AWS preferred)
• Familiarity with security automation scripting (Python PowerShell Bash) and infrastructure-as-code principles
• Excellent analytical problem-solving and communication skills
• Background check and unannounced drug testing required.
• This position isonsite in Washington DC with occasional travel (up to 25%) for client meetings and work assignments.
• Preferred:
• Professional certifications such as CISSP CISM OSCP CEH Security or AWS Security Specialty
• Experience with compliance frameworks (FedRAMP NIST 800-53 CMMC)
• Background in DevSecOps practices continuous monitoring and automation

EOE STATEMENT:

We are an equal opportunity employer. All qualified applicants will be considered without discrimination based on race color religion sex national origin age disability or protected veteran status. Employment offers will be contingent on passing a pre-employment drug screen.