NIH - VULNERABILITY ASSESSMENT LEAD
cfocussoftware
Full-timelead
Job description
cFocus Software seeks a Vulnerability Assessment Lead to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
• Public Trust Clearance
• B.S. Computer Science, Information Technology, or a related field
• 8+ years leading vulnerability assessment or vulnerability management programs.
• Experience managing enterprise vulnerability scanning solutions.
• Experience leading penetration testing efforts.
• Experience supporting Federal cybersecurity programs.
• Experience with RMF, FISMA, and NIST guidance.
• Experience developing executive cybersecurity reports.
• Ability to obtain and maintain NIH suitability/background investigation.
Duties:
• Lead enterprise vulnerability assessment and vulnerability management operations.
• Direct vulnerability scanning activities across NIH enterprise systems.
• Develop enterprise vulnerability management strategies.
• Establish vulnerability assessment priorities based upon risk.
• Lead vulnerability remediation initiatives.
• Coordinate remediation activities across technical teams.
• Provide technical leadership for vulnerability management projects.
• Continuously improve enterprise vulnerability management capabilities.
• Analyze enterprise vulnerability scan results.
• Perform vulnerability prioritization using risk-based methodologies.
• Identify critical vulnerabilities requiring immediate remediation.
• Evaluate exploitability and business impact.
• Conduct root cause analysis.
• Develop remediation recommendations.
• Validate corrective actions.
• Track vulnerability trends and recurring issues.
• Coordinating remediation efforts with System Owners.
• Tracking remediation progress.
• Monitoring SLA compliance.
• Escalating critical vulnerabilities within required timeframes.
• Validating remediation completion.
• Supporting risk acceptance processes.
• Reducing enterprise cybersecurity risk.
• Monitoring aging vulnerabilities.