Vulnerability Assessment Specialist, Senior

About The Position

Requirements

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
• Clearance: Active TS/SCI clearance.
• Candidate must meet ONE of the following: Master’s degree or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR Relevant DoD/military training (examples: Security Control Assessor (Advanced) Playlist; DCMA DIBCAC Cybersecurity Assessor Advanced); OR Relevant professional certification or equivalent experience (examples: CCISO; CISA; CISM; CISSP; CISSP‑ISSEP; CySA+; GSLC; GSNA).
• Vulnerability assessment, VM program leadership, or cybersecurity operations experience with at least 3 years leading enterprise VM efforts.
• Deep expertise with ACAS/Nessus, Forescout/NAC, STIG/SRG application, vulnerability adjudication methodologies, and eMASS/POA&M workflows.
• Proven ability to correlate vulnerabilities with asset baselines, patch records, and operational risk to prioritize mitigations.
• Experience producing decision‑grade technical reports, dashboards, and executive briefings for senior leadership.
• Strong stakeholder coordination skills to drive remediation, retest, and CCRI/inspection readiness.

Nice To Haves

• Prior DoD/ARNG VM leadership or CCRI support experience.
• Experience integrating VM with detection engineering, patch orchestration, threat intelligence, and automation for prioritized, threat‑informed remediation.
• Advanced certifications (preferred) and familiarity with VM tool modernization and continuous monitoring best practices.

Responsibilities

• Lead enterprise vulnerability assessment operations: define scanning strategies, assessment methodologies, and reporting processes across networks, applications, cloud, and mission systems.
• Integrate DISA STIGs, SRGs, secure baselines, and RMF requirements into assessments to validate compliance across NIPR/SIPR/cloud enclaves.
• Oversee deployment and integration of scanning/assessment toolchains (ACAS, Forescout, eMASS, vulnerability platforms) into continuous monitoring workflows.
• Direct vulnerability analysis, risk scoring, exploitability evaluation, and prioritization to produce actionable remediation plans and POA&Ms.
• Coordinate remediation validation with engineering, system admins, cybersecurity teams, and stakeholders; manage retest and closure processes.
• Lead CCRI readiness preparation: review configurations, validate artifacts, and develop corrective action plans for complex findings.
• Produce technical assessment reports, trend dashboards, and executive briefings to inform leadership and governance.
• Drive VM maturity: implement automation, refine workflows, recommend tool modernization, and promote security‑by‑design practices.
• Advise on emerging threats, assessment enhancements, and defensive technique adoption to strengthen enterprise posture.