HUD - Vulnerability Management Lead
cFocus Software seeks a Vulnerability Management Lead to join our program supporting Housing and Urban Development (HUD). This position is remote. This position requires a Public Trust clearance.
Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
- 8+ years of experience in vulnerability management, cybersecurity operations, or related discipline.
- Hands-on experience with vulnerability scanning tools (e.g., Tenable, Nessus, Qualys).
- Experience developing and managing POA&Ms in federal environments.
- Lead enterprise vulnerability management activities across network, endpoint, application, and cloud environments.
- Monitor cyber threats from government, financial markets, and industry sources to identify potential risks.
- Integrate and manage threat intelligence feeds (CISA, NIST, CVE, vendor advisories) to inform vulnerability prioritization.
- Continuously monitor CISA Known Exploited Vulnerabilities (KEV) catalog and ensure tracking through remediation.
- Conduct regular vulnerability scans using tools such as Tenable across all systems and platforms.
- Ensure comprehensive scanning coverage using automated and manual techniques.
- Analyze scan results to identify, prioritize, and document vulnerabilities based on severity, risk, and exploitability.
- Develop, manage, and track Plans of Action and Milestones (POA&Ms) for vulnerability remediation.
- Coordinate with IT and system administrators to implement remediation plans and validate effectiveness.
- Track remediation progress and ensure vulnerabilities are resolved within required timelines.
- Perform risk assessments to evaluate likelihood, impact, and existing controls.
- Provide recommendations to stakeholders and partner teams to address vulnerabilities.
- Develop and maintain vulnerability management SOPs and integrate with SOC operational procedures.
- Generate monthly vulnerability management reports detailing findings, risk posture, and remediation status.
- Recommend improvements to vulnerability management processes and tools.