Vulnerability Management (SME)

Quzara LLC, Washington, DC
Hybrid

About The Position

The Vulnerability Management Subject Matter Expert (SME) is responsible for establishing, standardizing, and maturing enterprise-wide vulnerability management processes across Quzara’s federal and commercial environments. This role defines frameworks, workflows, and governance for effective vulnerability identification, prioritization, remediation, and reporting. Additionally, the SME collaborates with SOC, Systems Security Engineering, Cloud, and Network teams to ensure consistent execution of these practices in alignment with federal standards and continuous monitoring requirements. The position is essential for enabling audit readiness, improving risk visibility, and ensuring accountability in remediation efforts.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
  • 7–10+ years of experience in vulnerability management, security engineering, or cybersecurity operations, with demonstrated leadership or SME-level responsibilities.
  • Strong knowledge of vulnerability management lifecycle processes, including scanning, assessment, prioritization, and remediation.
  • Experience designing and implementing enterprise-level security programs or processes.
  • Familiarity with federal cybersecurity frameworks such as NIST SP 800-53, FISMA, and FedRAMP.
  • Experience working across multiple domains, including infrastructure, cloud, application, and network security.
  • Ability to define governance models, reporting structures, and operational standards.
  • Strong analytical, communication, and collaboration skills across technical and non-technical teams.
  • Must be a U.S. Citizen and eligible to support federal contracting environments.

Nice To Haves

  • CISSP (Certified Information Systems Security Professional)
  • CEH (Certified Ethical Hacker) or CompTIA PenTest+
  • Additional vulnerability management or security certifications

Responsibilities

  • Design and implement an enterprise vulnerability management program aligned with federal frameworks and compliance requirements.
  • Define and standardize scanning, assessment, and reporting processes across infrastructure, applications, and cloud environments.
  • Establish risk-based prioritization models and criteria for vulnerability remediation and risk acceptance.
  • Define and enforce remediation workflows, including ownership models, escalation paths, and tracking mechanisms.
  • Coordinate with SOC, Systems Security Engineers (SSE), Cloud Engineers, and Network Security Engineers to ensure alignment and execution of vulnerability management activities.
  • Develop and maintain standard operating procedures (SOPs), process documentation, and governance artifacts.
  • Create and manage metrics, dashboards, and reporting frameworks to provide visibility into vulnerability posture and remediation performance.
  • Support audit activities and continuous monitoring requirements, including preparation of evidence and reporting aligned with compliance standards.
  • Drive continuous improvement of vulnerability management processes through analysis of trends, gaps, and operational feedback.