The Role
Lead and manage enterprise vulnerability scanning and vulnerability management strategy for NIH systems. Prioritize, analyze, and validate remediation of critical vulnerabilities using risk-based methodologies, support federal cybersecurity programs and reporting, coordinate remediation with system owners, and maintain vulnerability metrics and trends.
Summary Generated by Built In
cFocus Software seeks a Vulnerability Analyst to join our program supporting the National Institutes of Health (NIH). This position is fully remote. This position requires a Public Trust or the ability to obtain a public trust clearance.
Qualifications:
Duties:
Qualifications:
- Public Trust Clearance
- B.S. Computer Science, Information Technology, or a related field
- 7+ years with vulnerability assessments or vulnerability management programs.
- Experience managing enterprise vulnerability scanning solutions.
- Experience with penetration testing efforts.
- Experience supporting Federal cybersecurity programs.
- Experience with RMF, FISMA, and NIST guidance.
- Experience developing executive cybersecurity reports.
- Ability to obtain and maintain NIH suitability/background investigation.
Duties:
- Direct vulnerability scanning activities across NIH enterprise systems.
- Develop enterprise vulnerability management strategies.
- Establish vulnerability assessment priorities based upon risk.
- Continuously improve enterprise vulnerability management capabilities.
- Analyze enterprise vulnerability scan results.
- Perform vulnerability prioritization using risk-based methodologies.
- Identify critical vulnerabilities requiring immediate remediation.
- Evaluate exploitability and business impact.
- Conduct root cause analysis.
- Validate corrective actions.
- Track vulnerability trends and recurring issues.
- Coordinating remediation efforts with System Owners.
- Tracking remediation progress.
- Monitoring SLA compliance.
- Escalating critical vulnerabilities within required timeframes.
- Validating remediation completion.
- Supporting risk acceptance processes.
- Reducing enterprise cybersecurity risk.
- Monitoring aging vulnerabilities.
Skills Required
- Public Trust clearance or ability to obtain
- B.S. in Computer Science, Information Technology, or related field
- 7+ years with vulnerability assessments or vulnerability management programs
- Experience managing enterprise vulnerability scanning solutions
- Experience with penetration testing efforts
- Experience supporting Federal cybersecurity programs
- Experience with RMF, FISMA, and NIST guidance
- Experience developing executive cybersecurity reports
- Ability to obtain and maintain NIH suitability/background investigation
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Established in 2006, cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint. cFocus Software is the exclusive vendor of ATO (Authority To Operate) as a Service™, which automates FedRAMP compliance for the Azure Government Cloud and Office 365. Contact Us for a demo of ATO as a Service™ or a FREE government chatbot proof of concept project today!
.png)








