Back to jobs

NIH - VULNERABILITY ASSESSMENT LEAD

cfocussoftware
Full-timelead

Job description

cFocus Software seeks a Vulnerability Assessment Lead to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance. Qualifications: • Public Trust Clearance • B.S. Computer Science, Information Technology, or a related field • 8+ years leading vulnerability assessment or vulnerability management programs. • Experience managing enterprise vulnerability scanning solutions. • Experience leading penetration testing efforts. • Experience supporting Federal cybersecurity programs. • Experience with RMF, FISMA, and NIST guidance. • Experience developing executive cybersecurity reports. • Ability to obtain and maintain NIH suitability/background investigation. Duties: • Lead enterprise vulnerability assessment and vulnerability management operations. • Direct vulnerability scanning activities across NIH enterprise systems. • Develop enterprise vulnerability management strategies. • Establish vulnerability assessment priorities based upon risk. • Lead vulnerability remediation initiatives. • Coordinate remediation activities across technical teams. • Provide technical leadership for vulnerability management projects. • Continuously improve enterprise vulnerability management capabilities. • Analyze enterprise vulnerability scan results. • Perform vulnerability prioritization using risk-based methodologies. • Identify critical vulnerabilities requiring immediate remediation. • Evaluate exploitability and business impact. • Conduct root cause analysis. • Develop remediation recommendations. • Validate corrective actions. • Track vulnerability trends and recurring issues. • Coordinating remediation efforts with System Owners. • Tracking remediation progress. • Monitoring SLA compliance. • Escalating critical vulnerabilities within required timeframes. • Validating remediation completion. • Supporting risk acceptance processes. • Reducing enterprise cybersecurity risk. • Monitoring aging vulnerabilities.