Vulnerability Management & SecOps Specialist

About The Position

Requirements

• Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY are preferred
• Experience: 4-6 years of cybersecurity or IT risk management experience, with at least 3 years focused on vulnerability management or SecOps.
• Tools: Hands-on experience with Tenable (Nessus, Tenable.sc, or Tenable.io); familiarity with other tools (BigFix, Splunk, Sentinel, CSAM) preferred.
• Knowledge: Deep understanding of BOD 22-01, NIST 800-53, and FISMA requirements.
• Technical Skills: - Power BI (data modeling, report building, DAX formulas) - Power Automate / Python / API scripting for automation - Windows and Linux vulnerability management - Cloud security concepts (AWS, Azure, or Google Cloud)
• Certifications: Active CompTIA Security+ CE required. Other certifications (CISSP, CEH, or cloud-related) are a plus.
• Soft Skills: Strong communication and analytical thinking; ability to manage multiple concurrent priorities and deadlines.
• Onsite: Expected 1-2 days onsite at client site (Bethesda, MD)

Nice To Haves

• Experience developing automated data pipelines or integrating Tenable APIs into Power BI dashboards.
• Familiarity with ServiceNow Vulnerability Response, CSAM, or Splunk Security Essentials.
• Knowledge of MITRE ATT&CK framework and vulnerability prioritization methodologies (e.g., EPSS, CVSS v3).
• Prior experience within a federal or HHS environment.

Responsibilities

• Lead vulnerability management operations, ensuring alignment with BOD 22-01 and federal cybersecurity mandates.
• Manage, monitor, and report vulnerabilities across NIH/HHS systems using tools such as Tenable.sc / Tenable.io, and coordinate timely remediation activities.
• Develop vulnerability prioritization models based on risk, exposure, and asset criticality.
• Ensure compliance with patching timelines and federal vulnerability directives.
• Collaborate with infrastructure, cloud, and application teams to validate remediation actions.
• Enhance and maintain SecOps workflows through automation and dashboard development.
• Utilize Power BI, Python, and Power Automate (or similar tools) to automate reporting, trend analysis, and compliance tracking.
• Develop API integrations with vulnerability management tools (e.g., Tenable, Splunk, ServiceNow, or CSAM) for real-time monitoring dashboards.
• Support automation of vulnerability data ingestion and normalization across multiple environments (cloud and on-premises).
• Ensure continuous compliance with CISA's Binding Operational Directive (BOD) 22-01, NIST SP 800-53, and FISMA requirements.
• Work closely with Risk Management Framework (RMF) and SA&A teams to align vulnerability findings with system security plans (SSPs), POA&Ms, and ATO documentation.
• Support preparation of reports for leadership and federal oversight bodies.
• Build and maintain interactive Power BI dashboards that visualize vulnerabilities, risk posture, remediation progress, and compliance trends.
• Translate technical findings into executive-level risk summaries.
• Develop KPI and SLA metrics for vulnerability closure rates, asset risk scoring, and compliance tracking.
• Communicate complex technical information clearly to both technical and non-technical audiences.
• Collaborate with cross-functional teams (IT Operations, Cloud Engineering, Privacy, and Compliance).
• Provide status briefings and vulnerability insights to leadership.

Benefits

• Medical, Rx, Dental & Vision Insurance
• Personal and Family Sick Time & Company Paid Holidays
• Parental Leave
• 401(k) Retirement Plan
• Group Term Life and Travel Assistance
• Voluntary Life and AD&D Insurance
• Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts
• Transit and Parking Commuter Benefits
• Short-Term & Long-Term Disability
• Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities
• Employee Referral Program
• Corporate Sponsored Events & Community Outreach
• Care.com annual membership
• Employee Assistance Program
• Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)
• Position may be eligible for a discretionary variable incentive bonus