Security Specialist Lead — Vulnerability Dispositioning

About The Position

Requirements

• Bachelor's degree or associate degree with 2 years relevant experience in system administration/help desk/security (cyber or physical) OR High School Diploma/GED with 4 years relevant experience in IT system administration/help desk/security (cyber or physical).
• 7 or more years of Information Technology related experience; OR 5 or more years of security related experience, which may include military/government work experience in addition to any experience identified above.

Responsibilities

• Lead the Vulnerability Dispositioning sub-team (Pillar 3 of AEP's four-pillar Cybersecurity Vulnerability Management program), responsible for moving analyzed vulnerabilities through to documented remediation decisions in partnership with AEP business units.
• Receive analyzed vulnerabilities from the Vulnerability Analysis sub-team and oversee the team's work building remediation action plans with affected business units, including patch, mitigate, configuration change, and formal exception paths.
• Own end-to-end operation of AEP's vulnerability exception process, including intake, validation, risk ranking inputs, and routing of exceptions through the appropriate Director, VP, and SVP approval chains.
• Own the File Integrity Assurance function within the Vulnerability Management program, ensuring the integrity of monitored files and systems is maintained, reviewed, and reported on as part of the team's overall risk posture.
• Serve as the AEP point of contact for the on-premises Fortress vulnerability management platform — partnering directly with the Fortress vendor on platform health, configuration, and roadmap alignment with AEP's needs.
• Perform quality control on Fortress platform releases, regression-test new versions before they reach the team, validate that the platform behaves as expected, and submit, track, and drive resolution of bug tickets and feature requests with the vendor.
• Lead the continued rollout of the vulnerability automation initiative, including the Fortress platform's automated vulnerability ticketing capability — driving design, configuration, testing, business unit onboarding, and post-launch tuning.
• Host twice-weekly Vulnerability Management office hours for remediation teams across AEP, fielding questions, clarifying process, and removing roadblocks that slow business unit response.
• Provide technical leadership and day-to-day coordination for one junior AEP analyst and approximately three Fortress Information Security contractors supporting routine dispositioning processes.
• Coach, mentor, and develop junior team members and contract personnel; establish processes, runbooks, and standards that allow analysts at varying skill levels to operate consistently and effectively.
• Build and maintain strong, collaborative working relationships with business unit partners across IT, Operational Technology, and corporate functions; model a constructive, helpful posture rather than an adversarial enforcement stance and hold the team to the same standard.
• Build and maintain strong working relationships with AEP's Operational Technology partners (generation, transmission, distribution) so that dispositioning activities are coordinated, respectful of operational realities, and supportive of safe operations.
• Ensure clean, structured warm handoffs of dispositioned items from the Dispositioning sub-team to the Vulnerability Tracking sub-team (Pillar 4), including approved exceptions, action plans, and remediation commitments with full context.
• Produce and oversee director, VP, and SVP-level exception reports, approval packets, and status summaries; own the templates and standards the team uses to communicate with executive audiences.
• Maintain clear, current documentation of exception status, business unit commitments, and outstanding action items so leadership has accurate visibility at any point in the process.
• Advise the Vulnerability Management Manager on platform effectiveness, vendor performance, dispositioning process improvements, and resource needs.
• Communicate complex risk decisions clearly to peers, business partners, contractors, and leadership at all levels of the organization.
• Maintain awareness of NERC CIP regulatory requirements as dispositioning activities interact with CIP-regulated assets and information.
• Participate in a shared on-call rotation across the broader Vulnerability Management team.
• Pass and maintain the background check required for access to NERC CIP-regulated assets and information.

Benefits

• competitive compensation
• comprehensive benefits package that aims to support and enhance the overall well-being of our employees