The Role
Lead and manage the vulnerability management program, guiding technical staff in identifying, assessing, and remediating system vulnerabilities while ensuring compliance with federal standards.
Summary Generated by Built In
Vulnerability Management Team Lead
OverviewcFocus Software is seeking an experienced Vulnerability Management Team Lead to oversee the development, execution, and continuous improvement of a comprehensive vulnerability management program for a federal agency. The Team Lead will coordinate and guide technical staff in identifying, assessing, prioritizing, and remediating vulnerabilities across enterprise systems. This position requires demonstrated expertise in vulnerability scanning tools, secure IT operations, and leadership in cybersecurity program management within a federal environment.This is a full-time position that may require on-site support at federal agency locations in the Washington, D.C. metro area. Some telework flexibility may be available depending on mission requirements. Must be able to obtain and maintain a Public Trust or higher-level security clearance as required by the agency.ResponsibilitiesThe Vulnerability Management Team Lead shall perform duties that include, but are not limited to:
- Lead and manage the vulnerability management team to ensure continuous identification and mitigation of system vulnerabilities.
- Develop and execute a comprehensive vulnerability management program, including policies, procedures, and workflows for identification, assessment, and prioritization.
- Coordinate the use of vulnerability scanning tools to monitor system weaknesses and track remediation progress.
- Provide actionable insights into vulnerability trends to guide enhancements to the organization’s cybersecurity posture.
- Develop standard operating procedures (SOPs), performance metrics, and reporting mechanisms aligned with Service Level Agreements (SLAs) and Key Performance Indicators (KPIs).
- Collaborate with system administrators, developers, and cybersecurity engineers to ensure timely remediation of findings.
- Oversee POA&M (Plan of Action and Milestones) resolution and support incident response and continuous monitoring activities.
- Engage with Federal leadership, Cybersecurity Operations Centers (CSOC), and compliance offices to ensure alignment with federal policies and standards.
- Produce detailed reports, dashboards, and executive briefings to communicate risk status, trends, and mitigation strategies.
- Continuously evaluate and improve vulnerability management tools, processes, and automation to enhance effectiveness.
- Demonstrable credentials reflecting knowledge, skills, and experience coordinating teams and utilizing vulnerability scanning tools.
- Experience developing strategies to reduce an organization’s overall attack surface and improve its security posture.
- Strong technical background in IT with a fundamental understanding of vulnerability management principles.
- Experience developing and executing comprehensive vulnerability management programs, including policies and procedures for vulnerability identification, assessment, and prioritization.
- Ability to lead and mentor vulnerability management teams, coordinating daily tasks and resources.
- Strong background in secure IT operations and management of endpoints, infrastructure, and platforms.
- Proven analytical and problem-solving skills for identifying and addressing security issues.
- Demonstrated leadership in incident response, POA&M resolution, and continuous monitoring.
- Experience developing SOPs, performance metrics, and reporting mechanisms aligned with SLAs and KPIs.
- Proven experience engaging with Federal leadership, Cybersecurity Operations Centers (CSOC), and compliance offices.
- Experience managing vulnerability management programs for DHS or other federal agencies.
- Familiarity with tools such as Tenable, Qualys, Rapid7, or similar enterprise vulnerability management platforms.
- Knowledge of NIST SP 800-53, FISMA, and other federal cybersecurity frameworks.
- Experience integrating vulnerability management with SIEM, SOC, or CM dashboards.
- Strong leadership, communication, and reporting skills for interfacing with senior stakeholders.
Top Skills
Nist Sp 800-53
Qualys
Rapid7
Tenable
Vulnerability Scanning Tools
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Established in 2006, cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint.
cFocus Software is the exclusive vendor of ATO (Authority To Operate) as a Service™, which automates FedRAMP compliance for the Azure Government Cloud and Office 365.
Contact Us for a demo of ATO as a Service™ or a FREE government chatbot proof of concept project today!
