HUD Vulnerability Management Lead

Washington, AR - USA

Monthly Salary: Not Disclosed

Posted on: Yesterday

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Vulnerability Management Lead to join our program supporting Housing and Urban Development (HUD). This position is remote. This position requires a Public Trust clearance.
Qualifications:

Bachelors degree in Cybersecurity Information Technology Computer Science or related field.
8 years of experience in vulnerability management cybersecurity operations or related discipline.
Hands-on experience with vulnerability scanning tools (e.g. Tenable Nessus Qualys).
Experience developing and managing POA&Ms in federal environments.

Duties:

Lead enterprise vulnerability management activities across network endpoint application and cloud environments.
Monitor cyber threats from government financial markets and industry sources to identify potential risks.
Integrate and manage threat intelligence feeds (CISA NIST CVE vendor advisories) to inform vulnerability prioritization.
Continuously monitor CISA Known Exploited Vulnerabilities (KEV) catalog and ensure tracking through remediation.
Conduct regular vulnerability scans using tools such as Tenable across all systems and platforms.
Ensure comprehensive scanning coverage using automated and manual techniques.
Analyze scan results to identify prioritize and document vulnerabilities based on severity risk and exploitability.
Develop manage and track Plans of Action and Milestones (POA&Ms) for vulnerability remediation.
Coordinate with IT and system administrators to implement remediation plans and validate effectiveness.
Track remediation progress and ensure vulnerabilities are resolved within required timelines.
Perform risk assessments to evaluate likelihood impact and existing controls.
Provide recommendations to stakeholders and partner teams to address vulnerabilities.
Develop and maintain vulnerability management SOPs and integrate with SOC operational procedures.
Generate monthly vulnerability management reports detailing findings risk posture and remediation status.
Recommend improvements to vulnerability management processes and tools.

Required Experience:

Senior IC

Bachelors degree in Cybersecurity Information Technology Computer Science or related field.
8 years of experience in vulnerability management cybersecurity operations or related discipline.
Hands-on experience with vulnerability scanning tools (e.g. Tenable Nessus Qualys).
Experience developing and managing POA&Ms in federal environments.

Duties:

Lead enterprise vulnerability management activities across network endpoint application and cloud environments.
Monitor cyber threats from government financial markets and industry sources to identify potential risks.
Integrate and manage threat intelligence feeds (CISA NIST CVE vendor advisories) to inform vulnerability prioritization.
Continuously monitor CISA Known Exploited Vulnerabilities (KEV) catalog and ensure tracking through remediation.
Conduct regular vulnerability scans using tools such as Tenable across all systems and platforms.
Ensure comprehensive scanning coverage using automated and manual techniques.
Analyze scan results to identify prioritize and document vulnerabilities based on severity risk and exploitability.
Develop manage and track Plans of Action and Milestones (POA&Ms) for vulnerability remediation.
Coordinate with IT and system administrators to implement remediation plans and validate effectiveness.
Track remediation progress and ensure vulnerabilities are resolved within required timelines.
Perform risk assessments to evaluate likelihood impact and existing controls.
Provide recommendations to stakeholders and partner teams to address vulnerabilities.
Develop and maintain vulnerability management SOPs and integrate with SOC operational procedures.
Generate monthly vulnerability management reports detailing findings risk posture and remediation status.
Recommend improvements to vulnerability management processes and tools.