Overview

Responsibilities

• Lead and manage the vulnerability management team to ensure continuous identification and mitigation of system vulnerabilities.
• Develop and execute a comprehensive vulnerability management program including policies procedures and workflows for identification assessment and prioritization.
• Coordinate the use of vulnerability scanning tools to monitor system weaknesses and track remediation progress.
• Provide actionable insights into vulnerability trends to guide enhancements to the organizations cybersecurity posture.
• Develop standard operating procedures (SOPs) performance metrics and reporting mechanisms aligned with Service Level Agreements (SLAs) and Key Performance Indicators (KPIs).
• Collaborate with system administrators developers and cybersecurity engineers to ensure timely remediation of findings.
• Oversee POA&M (Plan of Action and Milestones) resolution and support incident response and continuous monitoring activities.
• Engage with Federal leadership Cybersecurity Operations Centers (CSOC) and compliance offices to ensure alignment with federal policies and standards.
• Produce detailed reports dashboards and executive briefings to communicate risk status trends and mitigation strategies.
• Continuously evaluate and improve vulnerability management tools processes and automation to enhance effectiveness.

Required Qualifications

• Demonstrable credentials reflecting knowledge skills and experience coordinating teams and utilizing vulnerability scanning tools.
• Experience developing strategies to reduce an organizations overall attack surface and improve its security posture.
• Strong technical background in IT with a fundamental understanding of vulnerability management principles.
• Experience developing and executing comprehensive vulnerability management programs including policies and procedures for vulnerability identification assessment and prioritization.
• Ability to lead and mentor vulnerability management teams coordinating daily tasks and resources.
• Strong background in secure IT operations and management of endpoints infrastructure and platforms.
• Proven analytical and problem-solving skills for identifying and addressing security issues.
• Demonstrated leadership in incident response POA&M resolution and continuous monitoring.
• Experience developing SOPs performance metrics and reporting mechanisms aligned with SLAs and KPIs.
• Proven experience engaging with Federal leadership Cybersecurity Operations Centers (CSOC) and compliance offices.

Preferred Qualifications

• Experience managing vulnerability management programs for DHS or other federal agencies.
• Familiarity with tools such as Tenable Qualys Rapid7 or similar enterprise vulnerability management platforms.
• Knowledge of NIST SP 800-53 FISMA and other federal cybersecurity frameworks.
• Experience integrating vulnerability management with SIEM SOC or CM dashboards.
• Strong leadership communication and reporting skills for interfacing with senior stakeholders.

About cFocus Software

Equal Employment Opportunity Statement