Vulnerability Management Specialist

Customer Value Partners

$75K — $95K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Eligibility for federal security clearance (US Citizenship required)
  • 4-year degree in Computer Science (or related) with 2 years experience, or 5 years experience without a degree
  • 5+ years of experience in cybersecurity
  • Strong analytical, troubleshooting, and problem-solving skills
  • Knowledge of vulnerability management lifecycle
  • Ability to analyze trends in vulnerability data
  • Proficient in report writing and data visualization
  • Experience with Tenable, Nessus, and Splunk
  • Familiarity with NIST and FISMA guidelines
  • Security+ certification

Responsibilities

  • Communicate CISA alerts and track remediation efforts across mission areas
  • Manage Security Incident Request (SIR) tickets and ensure timely follow-ups
  • Research detailed CVE information using Tenable
  • Generate reports and analyze data using Splunk for mission-specific needs
  • Coordinate with CISA on false-positive reviews
  • Oversee Vulnerability Disclosure Program (VDP) and monitor BugCrowd submissions
  • Prepare weekly and monthly reports on vulnerabilities and trends for mission areas
  • Provide updates on open SIR tickets, especially those over 30 days old
  • Participate in SIR ticket call rotation and assist with SOP process updates
  • Engage with mission areas to resolve outstanding vulnerabilities

Benefits

  • Flexible work arrangements
  • Continuous professional development opportunities
  • Collaborative team environment
  • Access to cutting-edge technology and tools
  • Potential for career advancement within a growing cybersecurity field
Full Job Description
Overview

We are seeking a Vulnerability Management Specialist to join our team of experts tasked with securing the critical networks and systems our clients depend on. The role is responsible for monitoring and communicating efforts related to CISA cybersecurity alerts (CVE/KEV/CyHy etc.) and tracking the remediation across all mission areas. This role requires timely notification of security tickets and follow-up with mission areas on remediation and other teams.

Responsibilities

  • Communicate new CISA alerts, CyHy findings, Known Exploited Vulnerabilities (KEVs), vulnerable hosts, and informational ServiceNow tickets to designated mission areas.
  • Manage and follow up on Security Incident Request (SIR) tickets, including:
    • Understanding CVE/KEV types and associated CISA directives.
    • Using Tenable to research and obtain detailed CVE information.
    • Utilizing Splunk to generate mission-specific reports, research data, and export findings.
    • Tracking remediation progress, updating tickets, and ensuring closure of SIRs.
    • Coordinating with CISA on false-positive review requests.
  • Manage Vulnerability Disclosure Program (VDP) for internet-facing applications, including:
    • Monitoring BugCrowd submissions for new vulnerable hosts or sites.
    • Creating and managing SIRs related to VDP findings and coordinating follow-up with the impacted mission areas.
  • Weekly notifications (report) on Log4J vulnerabilities for all mission areas and Iranian CVEs and follow up on remediation progress.
  • Process and notify monthly CyHy Web Application Scan (WAS) report by mission area and provide trend analysis on vulnerabilities, severity levels, and other issues.
  • Prepare and present weekly EPVG briefing materials, including:
    • Cyber Hygiene SIR ticket status - Slide
    • Risky Service SIR updates
    • Vulnerability Disclosure Program ticket status
    • CISA Web Application Scanning findings by mission area
    • Outstanding SIR tickets from 2023 onward with ongoing remediation follow-up
  • Provide weekly status updates to the CDMB team on all open SIR tickets, highlighting any items older than 30 days.
  • Participate in SIR ticket call rotation and work on SOPs and process updates.
  • Engage with mission areas to address unresolved issues, including web application vulnerabilities and outstanding CVEs.


Qualifications

  • Must be eligible to obtain a federal security clearance (US Citizenship Required)
  • 4-year college degree in Computer Science or related field and 2 years' experience or 5 years' experience in lieu of a college degree.
  • Five (5) years of experience in cybersecurity
  • Experience demonstrating strong analytical, troubleshooting and problem-solving skills for cybersecurity.
  • Knowledge of vulnerability managment lifecycle
  • Ability to perform trend analysis on vulnerability data and severity levels
  • Strong report writing and data visualization skills for briefings and stakeholder updates
  • Experience with Tenable, Nessus and Splunk
  • Knowledge of NIST and FISMA guidelines.
  • Security+ certification

Similar Jobs

More Jobs at Customer Value Partners

More Information Technology Jobs

Find similar Vulnerability Management Specialist jobs: