Job Requirements
Remote
Public Trust Polygraph Unspecified
Career Level not specified
Salary not specified
Job Description
Vulnerability Management Team Lead
Location: Alexandria, VA (Remote) Clearance: Public Trust Employment Type: Full-time
Overview
Cherokee-Federal Systems, LLC is seeking an experienced cybersecurity professional to lead a risk-driven vulnerability management program across hybrid on-prem and cloud environments. The ideal candidate will possess deep expertise in infrastructure and security tools, apply critical thinking to identify security gaps, and develop and implement security protocols and risk management improvements. The qualified individual will own discovery, triage, remediation, and reporting of the agency's security posture and lead a small team of cybersecurity analysts to drive measurable reductions in vulnerabilities, using Tenable for infrastructure, AppScan for applications, and ServiceNow for workflow and governance. Align operations to FISMA, FedRAMP, and CMMC. Drive measurable reduction in exploitability and clean audit outcomes.
Key Responsibilities
- Lead end-to-end vulnerability operations: scanning, validation, prioritization, remediation, exceptions, and verification across on-prem, IaaS/PaaS, and SaaS.
- Operate and optimize Tenable (Nessus/Tenable.sc or Tenable.io) for servers, endpoints, network devices, containers, and cloud assets; maintain credentialed scans, schedules, and coverage for both vulnerabilities and configuration audits.
- Manage AppScan for web and API testing; integrate findings into SDLC and DevSecOps workflows; guide developers with reproducible issues and fix recommendations.
- Continue the integration of Tenable with ServiceNow Vulnerability Response, and explore and implement the integration of AppScan with it:
- Auto-create tickets, enrich them with asset data from the CMDB, assign ownership by CI/service, and track them to closure.
- Maintain risk-based SLAs by asset criticality and threat intel; monitor SLA adherence and escalate aging risk.
- Establish cloud-specific controls:
- Use CSP-native scanners and posture tools (e.g., Amazon Inspector, Azure Defender/Microsoft Defender for Cloud, GCP Security Command Center) and correlate their findings with Tenable.
- Enforce secure configurations with CIS Benchmarks and cloud guardrails; remediate misconfigurations via IaC changes.
- Prioritize with CVSS, CISA KEV, exploit maturity, and exposure context (internet-facing, privileged paths, high-value assets).
- Govern exceptions: risk acceptance with compensating controls, time-bound approvals, and periodic review.
- Produce executive and compliance reporting: exposure trends, SLA performance, time-to-remediate, patch coverage, POA&Ms, and audit artifacts aligned to FISMA/NIST RMF, FedRAMP, and CMMC.
- Partner with SOC/IR to correlate actively exploited vulnerabilities; enable rapid containment for high-risk findings.
- Coordinate patching windows and change management; champion continuous hardening for Windows/Linux, network, databases, and cloud services.
- Mentor analysts; mature automation, data quality, and process discipline; lead tabletop exercises for patching/vulnerability scenarios.
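The prioritization and SLA steps in the responsibilities above (CVSS raised by KEV membership, exploit maturity and exposure context; an SLA chosen by asset criticality; an enriched, owner-assigned ticket record tracked against its due date) are shown below as an added worked example. This is illustrative code written for this page, not Cherokee Federal's code and not the Tenable or ServiceNow Vulnerability Response API or schema. The record fields, weights, tier thresholds, SLA table, support-group names and the CVE identifiers (all of the form CVE-0000-000x) are assumptions constructed for the example.

```python
"""Risk-based triage of vulnerability findings: a priority score from CVSS,
CISA KEV membership, exploit maturity and exposure context, an SLA by asset
criticality, and an enriched ticket record ordered for remediation.

Added example, not Cherokee Federal code. Field names, weights, tiers and
the SLA table are assumptions; a real program would take them from the
agency's risk policy and from Tenable / CMDB exports.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed KEV membership for constructed placeholder CVE IDs (not real CVEs).
KEV_CATALOG = {"CVE-0000-0001", "CVE-0000-0003"}

# Assumed weights added to the CVSS base score for threat and exposure context.
EXPLOIT_WEIGHT = {"none": 0.0, "poc": 0.5, "functional": 1.5, "high": 2.0}
INTERNET_FACING_WEIGHT = 1.5
PRIVILEGED_PATH_WEIGHT = 1.0
KEV_WEIGHT = 3.0

# Assumed SLA table: (priority tier, CMDB asset criticality) -> days to remediate.
SLA_DAYS = {
    ("P1", "high"): 7,  ("P1", "medium"): 14,  ("P1", "low"): 14,
    ("P2", "high"): 14, ("P2", "medium"): 30,  ("P2", "low"): 30,
    ("P3", "high"): 30, ("P3", "medium"): 60,  ("P3", "low"): 90,
    ("P4", "high"): 90, ("P4", "medium"): 120, ("P4", "low"): 180,
}


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float             # CVSS v3 base score, 0.0-10.0
    exploit_maturity: str   # one of EXPLOIT_WEIGHT's keys
    internet_facing: bool
    privileged_path: bool   # e.g. identity tier-0 host, bastion, CI runner
    asset_criticality: str  # "high" | "medium" | "low", from the CMDB
    asset_ci: str           # CMDB configuration item the ticket is assigned to
    owner: str              # support group that owns the CI
    first_seen: date        # first scan that reported the finding


def priority_score(f: Finding) -> float:
    """CVSS base score raised by threat and exposure context, capped at 10.0."""
    score = f.cvss + EXPLOIT_WEIGHT[f.exploit_maturity]
    if f.cve in KEV_CATALOG:
        score += KEV_WEIGHT
    if f.internet_facing:
        score += INTERNET_FACING_WEIGHT
    if f.privileged_path:
        score += PRIVILEGED_PATH_WEIGHT
    return min(round(score, 1), 10.0)


def priority_tier(f: Finding) -> str:
    """Anything on the KEV list is P1 regardless of score; the rest by threshold."""
    score = priority_score(f)
    if f.cve in KEV_CATALOG or score >= 9.0:
        return "P1"
    if score >= 7.0:
        return "P2"
    if score >= 4.0:
        return "P3"
    return "P4"


def due_date(f: Finding) -> date:
    """SLA clock starts at first detection, not at ticket creation."""
    return f.first_seen + timedelta(days=SLA_DAYS[(priority_tier(f), f.asset_criticality)])


def ticket_record(f: Finding, today: date) -> dict:
    """Enriched record for a workflow ticket (assumed layout, not ServiceNow VR's schema)."""
    due = due_date(f)
    return {
        "cve": f.cve, "ci": f.asset_ci, "owner": f.owner,
        "tier": priority_tier(f), "score": priority_score(f),
        "kev": f.cve in KEV_CATALOG, "due": due.isoformat(),
        "days_overdue": max(0, (today - due).days),
    }


def triage(findings, today: date) -> list:
    """Tickets ordered by score, then earliest due date, so the oldest high risk comes first."""
    return sorted((ticket_record(f, today) for f in findings),
                  key=lambda t: (-t["score"], t["due"]))


# Constructed sample findings; CVE IDs, hosts and owners are placeholders.
TODAY = date(2024, 3, 15)
SAMPLE_FINDINGS = [
    Finding("CVE-0000-0001", 7.5, "high", True, False, "high", "web-prod-01", "web-ops", date(2024, 3, 1)),
    Finding("CVE-0000-0002", 7.2, "none", False, True, "medium", "db-int-02", "dba", date(2024, 3, 10)),
    Finding("CVE-0000-0003", 6.5, "functional", False, False, "low", "print-srv-03", "desktop", date(2024, 3, 12)),
    Finding("CVE-0000-0004", 5.3, "none", False, False, "low", "dev-vm-07", "dev-platform", date(2024, 2, 1)),
]


def sample_triage() -> list:
    return triage(SAMPLE_FINDINGS, TODAY)


if __name__ == "__main__":
    for t in sample_triage():
        print(f'{t["tier"]} {t["score"]:>4} {t["cve"]} {t["ci"]:<13} {t["owner"]:<13} '
              f'due {t["due"]} overdue {t["days_overdue"]}d')
```

Two design points worth noting. A KEV entry forces P1 even when its CVSS is moderate (the print server above has CVSS 6.5 but lands at the top tier), which is what "actively exploited" should mean operationally. And the SLA clock runs from first detection rather than from ticket creation, so an integration that lags in creating tickets shows up as overdue risk instead of hiding it.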
Required Qualifications
- 6+ years in cybersecurity with 3+ years leading vulnerability management in hybrid on-prem/cloud environments.
- Hands-on expertise with Tenable (Nessus/Tenable.sc or Tenable.io), AppScan, and ServiceNow Vulnerability Response/CMDB integration.
- Strong grasp of CVE/CVSS, CISA KEV, exploit kits, and modern attack paths; able to translate technical risk to business impact.
- Familiarity with DAST, SAST, CI/CD, and cloud assessments.
- Proven remediation leadership across Windows/Linux, network devices, containers, and cloud workloads (AWS/Azure/GCP).
- Experience aligning programs to FISMA (NIST SP 800-53 / SP 800-37 RMF), FedRAMP baselines, and CMMC practices.
- Metrics and reporting proficiency: exposure reduction, SLA compliance, MTTR for vulnerabilities, patch cadence, and POA&M management.
- Clear, direct communicator comfortable with executive briefings and cross-functional coordination.
Preferred Qualifications
- Certifications: Security+, CySA+, CISSP, CEH, GCSA, GCPN; Tenable or ServiceNow VR certifications; AppSec certifications (GWAPT) a plus.
- Experience integrating Tenable with ServiceNow VR, CMDB, and change management; familiarity with Jira for developer workflows.
- Knowledge of CIS Benchmarks, NIST SP 800-53, SP 800-40 (patch management), SP 800-63, FedRAMP PMO guidance, and cloud security patterns.
- Scripting/automation (Python, PowerShell) for data normalization, ticket enrichment, API integrations, and reporting.
Key Competencies
- Accountability and speed under pressure.
- Analytical rigor and validation discipline.
- Operational excellence and automation mindset.
- Crisp communication for technical and executive audiences.
- Collaborative leadership across security, IT ops, cloud, and development.
What Success Looks Like
- Faster time-to-remediate against risk-based SLAs; measurable reduction of critical/high exposure across on-prem and cloud.
- Accurate asset inventory, clean CMDB linkage, and high scan coverage with low false positives.
- Audit-ready evidence with strong POA&M management and clear control effectiveness.
- Executive visibility into vulnerability risk, trends, and remediation velocity.
Keywords (5)
- Vulnerability Management
- Tenable / Nessus
- AppScan
- ServiceNow (VR/CMDB)
- CVSS / Risk Scoring
Similar Job Titles (5)
- Vulnerability Management Lead
- Vulnerability Analyst
- Cybersecurity Engineer
- Security Operations Lead
- Information Security Manager
Company Information:
Cherokee Nation System Solutions (CNSS) is a part of Cherokee Federal - the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government's mission with compassion and heart. To learn more about CNSS, visit cherokee-federal.com.
#CherokeeFederal #LI-SM2 #AppC
Cherokee Federal is a military friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply.
Legal Disclaimer: Cherokee Federal is an equal opportunity employer. Please visit cherokee-federal.com/careers for information regarding our Affirmative Action and Equal Opportunity Employer Statement, and Accommodation request.
Many of our job openings require access to government buildings or military installations. Candidates must pass pre-employment qualifications of Cherokee Federal.