Vulnerability Management & SecOps Specialist

Vulnerability Management & SecOps Specialist position requires 4-6 years of cybersecurity or IT risk management experience, with at least 3 years focused on vulnerability management or SecOps. Must be able to obtain and maintain a Federal or DoD "PUBLIC TRUST" and have a deep understanding of BOD 22-01, NIST 800-53, and FISMA requirements.

Requirements

• Lead vulnerability management operations, ensuring alignment with BOD 22-01 and federal cybersecurity mandates.
• Manage, monitor, and report vulnerabilities across NIH/HHS systems using tools such as Tenable.sc / Tenable.io, and coordinate timely remediation activities.
• Develop vulnerability prioritization models based on risk, exposure, and asset criticality.
• Enhance and maintain SecOps workflows through automation and dashboard development.
• Utilize Power BI, Python, and Power Automate (or similar tools) to automate reporting, trend analysis, and compliance tracking.
• Develop API integrations with vulnerability management tools (e.g., Tenable, Splunk, ServiceNow, or CSAM) for real-time monitoring dashboards.
• Support automation of vulnerability data ingestion and normalization across multiple environments (cloud and on-premises).
• Ensure continuous compliance with CISA’s Binding Operational Directive (BOD) 22-01, NIST SP 800-53, and FISMA requirements.
• Work closely with Risk Management Framework (RMF) and SA&A teams to align vulnerability findings with system security plans (SSPs), POA&Ms, and ATO documentation.
• Build and maintain interactive Power BI dashboards that visualize vulnerabilities, risk posture, remediation progress, and compliance trends.
• Translate technical findings into executive-level risk summaries.
• Develop KPI and SLA metrics for vulnerability closure rates, asset risk scoring, and compliance tracking.
• Communicate complex technical information clearly to both technical and non-technical audiences.
• Collaborate with cross-functional teams (IT Operations, Cloud Engineering, Privacy, and Compliance).
• Provide status briefings and vulnerability insights to leadership.
• Deliver monthly Vulnerability & Risk Posture Reports.
• Develop automated Power BI dashboard connected to vulnerability management and GRC systems.
• Vulnerability Management SOPs and process documentation.
• POA&M updates tied to vulnerability findings.
• CISA BOD 22-01 compliance tracking reports.

Benefits

• Medical, Rx, Dental & Vision Insurance
• Personal and Family Sick Time & Company Paid Holidays
• Parental Leave
• 401(k) Retirement Plan
• Group Term Life and Travel Assistance
• Voluntary Life and AD&D Insurance
• Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts
• Transit and Parking Commuter Benefits
• Short-Term & Long-Term Disability
• Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities
• Employee Referral Program
• Corporate Sponsored Events & Community Outreach
• Care.com annual membership
• Employee Assistance Program
• Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)