Vulnerability Management Lead

Posted 2 Days Ago
Be an Early Applicant
Homeland, VA, USA
In-Office
115K-135K Annually
Senior level
Artificial Intelligence • Cloud • Information Technology • Security • Software
The Role
Lead enterprise vulnerability identification, prioritization, and remediation for a large federal IT environment. Oversee scanning, tool integration (Tenable, AquaSec, CDM), POA&M tracking, dashboards, and compliance reporting. Coordinate ISOs/ISSOs, engineering, SOC, and threat-hunting teams to apply risk-based prioritization, improve cyber hygiene, and present findings to technical and executive stakeholders to reduce attack surface and ensure audit readiness.
Summary Generated by Built In
Job Summary & Responsibilities

Everforth ECS is seeking a Remote Vulnerability Management Lead who lives in close proximity to the National Capital Region (NCR) to join a premier, enterprise-scale cybersecurity program supporting a major federal civilian agency.

 

Please Note: This position is contingent upon contract award.

 

Salary Range: $115,000 - $135,000

 

This flagship initiative unifies 24x7x365 Security Operations (SOC), proactive threat hunting, and advanced Security Engineering and Architecture into a cohesive defensive mission. As a key leader on this program, you will drive the protection of highly sensitive, national-level financial and personally identifiable information (PII). You will be at the forefront of modernizing the agency's cyber posture, implementing advanced automation, and ensuring continuous operational resilience across a massive, highly complex federal IT enterprise.

 

As the Vulnerability Management Lead, you will serve as the principal technical authority for enterprise vulnerability identification, prioritization, and remediation across a large-scale federal civilian environment. Working closely with Information System Security Officers (ISSOs), Information System Owners (ISOs), compliance teams, and engineering personnel. You will drive a proactive, risk-based approach to vulnerability management, delivering measurable reductions in the agency's attack surface while ensuring continuous alignment with federal compliance requirements.

 

Position Responsibilities:

  • Oversee enterprise vulnerability scanning operations, remediation tracking, and stakeholder communication with POA&M support across the program.
  • Coordinate with ISOs, ISSOs, compliance, and engineering teams to identify, prioritize, and close security gaps in a timely and risk-informed manner.
  • Lead Cyber Hygiene and Web Application Security Program (WASP) activities across the federal enterprise.
  • Develop and maintain dashboards and metrics to provide real-time visibility into vulnerability management posture, trends, and remediation progress.
  • Produce compliance reports and vulnerability governance data to support continuous monitoring, audit readiness, and cybersecurity decision-making.
  • Manage integration of vulnerability management tools including Tenable, AquaSec, and the Continuous Diagnostics and Mitigation (CDM) program into enterprise workflows.
  • Apply risk-based prioritization methodologies to ensure the most critical vulnerabilities are addressed in alignment with agency risk tolerance and compliance requirements.
  • Support the review and maintenance of Plans of Action & Milestones (POA&Ms), ensuring timely and accurate tracking of identified vulnerabilities and remediation activities.
  • Collaborate with SOC, threat hunting, and security engineering teams to correlate vulnerability data with active threat intelligence and hunting findings.
  • Present vulnerability management findings, risk recommendations, and program metrics to both technical teams and senior government officials in a clear, actionable format.
  • Develop and refine vulnerability management policies, procedures, and standard operating procedures to ensure alignment with federal regulations and agency requirements.
  • Support continuous monitoring activities and provide input into the overall security posture of the agency's federal IT enterprise.
Preferred Qualifications
  • U.S. Citizenship required.
  • 6+ years of cybersecurity experience, with demonstrated expertise in vulnerability management, operating systems, and networking.
  • Remote but within close proximity to the NCR.
  • Active Public Trust 6c clearance, or the ability to obtain and maintain one.
  • At least one of the following certifications: GCIH, CISSP, CISM, or CRISC.
  • Hands-on experience with Tenable, AquaSec, and CDM integration in a federal or enterprise environment.
  • Strong understanding of federal compliance frameworks including NIST RMF, NIST SP 800-53, FISMA, and FedRAMP requirements.
  • Experience developing and maintaining POA&Ms and supporting remediation tracking within federal information system environments.
  • Demonstrated ability to coordinate cross-functional teams, including ISOs, ISSOs, compliance, and engineering stakeholders, to drive vulnerability remediation efforts.
  • Proven ability to translate complex technical vulnerability findings into clear, actionable language for both technical and executive audiences.
  • Strong written and verbal communication skills, with a track record of producing high-quality federal security documentation.

Skills Required

  • U.S. Citizenship
  • Proximity to the National Capital Region (NCR)
  • 6+ years of cybersecurity experience
  • Experience in vulnerability management, operating systems, and networking
  • Active Public Trust 6c clearance or ability to obtain and maintain one
  • At least one certification: GCIH, CISSP, CISM, or CRISC
  • Hands-on experience with Tenable, AquaSec, and CDM integration in federal or enterprise environments
  • Strong understanding of NIST RMF, NIST SP 800-53, FISMA, and FedRAMP
  • Experience developing and maintaining Plans of Action & Milestones (POA&Ms) and remediation tracking
  • Demonstrated ability to coordinate cross-functional teams (ISOs, ISSOs, compliance, engineering) to drive remediation
  • Ability to translate complex technical vulnerability findings into clear, actionable language for technical and executive audiences
  • Strong written and verbal communication skills with experience producing federal security documentation

ECS Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about ECS and has not been reviewed or approved by ECS.

  • Healthcare Strength ECS advertises multiple national-network medical plan options with HSA eligibility alongside dental and vision coverage. Coverage generally begins quickly and is paired with company-paid short- and long-term disability, adding stability to the health package.
  • Retirement Support A 401(k) with Safe Harbor and immediate vesting on employer contributions is emphasized, with an employer match available. Access to an employee stock purchase plan via the parent company provides an additional savings avenue.
  • Parental & Family Support Paid parental leave up to 30 days, adoption assistance, and other family-oriented leaves are highlighted. Feedback suggests these offerings add meaningful value beyond base pay for many roles.

ECS Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Elkhorn, NE
2,129 Employees
Year Founded: 1993

What We Do

ECS, a segment of ASGN (NYSE: ASGN), delivers advanced solutions and services in cloud, cybersecurity, artificial intelligence (AI), machine learning (ML), application and IT modernization, and science and engineering. The company solves critical, complex challenges for customers across the U.S. public sector, defense, intelligence and commercial industries. ECS maintains partnerships with leading cloud, cybersecurity, and AI/ML providers and holds specialized certifications in their technologies. Headquartered in Fairfax, Virginia, ECS has more than 3,400 employees throughout the U.S. and has been recognized as a Top Workplace by The Washington Post for the last five years.

Similar Jobs

ECS Logo ECS

Vulnerability Management Lead

Artificial Intelligence • Cloud • Information Technology • Security • Software
In-Office
Homeland, VA, USA
2129 Employees
115K-135K Annually

Vantor Logo Vantor

Full-stack Engineer

Aerospace • Artificial Intelligence • Computer Vision • Software • Analytics • Defense • Big Data Analytics
In-Office
Reston, VA, USA
2500 Employees
113K-165K Annually

DraftKings Logo DraftKings

Community Associate

Digital Media • Gaming • Information Technology • Software • Sports • Esports • Big Data Analytics
Remote or Hybrid
United States
6400 Employees
56K-70K Annually

DraftKings Logo DraftKings

Security Engineer

Digital Media • Gaming • Information Technology • Software • Sports • Esports • Big Data Analytics
Remote or Hybrid
United States
6400 Employees
161K-201K Annually

Similar Companies Hiring

Golden Pet Brands Thumbnail
Digital Media • eCommerce • Information Technology • Marketing Tech • Pet • Retail • Social Media
El Segundo, California
178 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account