Vulnerability Management Team Lead

About The Position

Requirements

• 6+ years in cybersecurity with 3+ years leading vulnerability management in hybrid onprem/cloud environments.
• Handson expertise with Tenable (Nessus/Tenable.sc or Tenable.io), AppScan, and ServiceNow Vulnerability Response/CMDB integration.
• Strong grasp of CVE/CVSS, CISA KEV, exploit kits, and modern attack paths; able to translate technical risk to business impact.
• Familiarity with DAST, SAST, CI/CD and Cloud Assessments.
• Proven remediation leadership across Windows/Linux, network devices, containers, and cloud workloads (AWS/Azure/GCP).
• Experience aligning programs to FISMA (NIST 80053/80037 RMF), FedRAMP baselines, and CMMC practices.
• Metrics and reporting proficiency: exposure reduction, SLA compliance, MTTR for vulnerabilities, patch cadence, and POA&M management.
• Clear, direct communicator comfortable with executive briefings and crossfunctional coordination.

Nice To Haves

• Certifications: Security+, CySA+, CISSP, CEH, GCSA, GCPN; Tenable or ServiceNow VR certifications; AppSec certs (GWAPT) a plus.
• Experience integrating Tenable with ServiceNow VR, CMDB, and change management; familiarity with Jira for developer workflows.
• Knowledge of CIS Benchmarks, NIST 80053, 80040 (patch), 80063, FedRAMP PMO guidance, and cloud security patterns.
• Scripting/automation (Python, PowerShell) for data normalization, ticket enrichment, API integrations, and reporting.

Responsibilities

• Lead endtoend vulnerability operations: scanning, validation, prioritization, remediation, exceptions, and verification across onprem, IaaS/PaaS, and SaaS.
• Operate and optimize Tenable (Nessus/Tenable.sc or Tenable.io) for servers, endpoints, network devices, containers, and cloud assets; maintain credentialed scans, schedules, and coverage for both vulnerabilities and configuration audits.
• Manage AppScan for web and API testing; integrate findings into SDLC and DevSecOps workflows; guide developers with reproducible issues and fix recommendations.
• Continue integration of Tenable, Explore/Implement integration of AppScan with ServiceNow Vulnerability Response:
• Autocreate tickets, enrich with asset data from CMDB, assign ownership by CI/service, and track to closure.
• Maintain riskbased SLAs by asset criticality and threat intel; monitor SLA adherence and escalate aging risk.
• Establish cloudspecific controls:
• Use CSP native scanners and posture tools (e.g., AWS Inspector, Azure Defender/Microsoft Defender for Cloud, GCP Security Command Center) and correlate with Tenable.
• Enforce secure configurations with CIS Benchmarks and cloud guardrails; remediate misconfigurations via IaC changes.
• Prioritize with CVSS, CISA KEV, exploit maturity, and exposure context (internetfacing, privileged paths, highvalue assets).
• Govern exceptions: risk acceptance with compensating controls, timebound approvals, and periodic review.
• Produce executive and compliance reporting: exposure trends, SLA performance, timetoremediate, patch coverage, POA&Ms, and audit artifacts aligned to FISMA/NIST RMF, FedRAMP, and CMMC.
• Partner with SOC/IR to correlate actively exploited vulnerabilities; enable rapid containment for highrisk findings.
• Coordinate patching windows and change management; champion continuous hardening for Windows/Linux, network, databases, and cloud services.
• Mentor analysts; mature automation, data quality, and process discipline; lead tabletop exercises for patching/vuln scenarios.