user avatar

Vulnerability Management Lead

ECS

Posted today

Job Requirements

VA
Public Trust Polygraph Unspecified
Career Level not specified
$115,000 - $135,000

Job Description

Job Description
Everforth ECS is seeking a Remote Vulnerability Management Lead who lives in close proximity to the National Capital Region (NCR) to join a premier, enterprise-scale cybersecurity program supporting a major federal civilian agency.

Please Note: This position is contingent upon contract award.

Salary Range: $115,000 - $135,000

This flagship initiative unifies 24x7x365 Security Operations (SOC), proactive threat hunting, and advanced Security Engineering and Architecture into a cohesive defensive mission. As a key leader on this program, you will drive the protection of highly sensitive, national-level financial and personally identifiable information (PII). You will be at the forefront of modernizing the agency's cyber posture, implementing advanced automation, and ensuring continuous operational resilience across a massive, highly complex federal IT enterprise.

As the Vulnerability Management Lead, you will serve as the principal technical authority for enterprise vulnerability identification, prioritization, and remediation across a large-scale federal civilian environment. Working closely with Information System Security Officers (ISSOs), Information System Owners (ISOs), compliance teams, and engineering personnel. You will drive a proactive, risk-based approach to vulnerability management, delivering measurable reductions in the agency's attack surface while ensuring continuous alignment with federal compliance requirements.

Position Responsibilities:
  • Oversee enterprise vulnerability scanning operations, remediation tracking, and stakeholder communication with POA&M support across the program.
  • Coordinate with ISOs, ISSOs, compliance, and engineering teams to identify, prioritize, and close security gaps in a timely and risk-informed manner.
  • Leads ATO, POA&M and continuous monitoring activities.
  • Develop and maintain dashboards and metrics to provide real-time visibility into vulnerability management posture, trends, and remediation progress.
  • Produce compliance reports and vulnerability governance data to support continuous monitoring, audit readiness, and cybersecurity decision-making.
  • Manage integration of vulnerability management tools including Tenable, AquaSec, and the Continuous Diagnostics and Mitigation (CDM) program into enterprise workflows.
  • Apply risk-based prioritization methodologies to ensure the most critical vulnerabilities are addressed in alignment with agency risk tolerance and compliance requirements.
  • Support the review and maintenance of Plans of Action & Milestones (POA&Ms), ensuring timely and accurate tracking of identified vulnerabilities and remediation activities.
  • Collaborate with SOC, threat hunting, and security engineering teams to correlate vulnerability data with active threat intelligence and hunting findings.
  • Present vulnerability management findings, risk recommendations, and program metrics to both technical teams and senior government officials in a clear, actionable format.
  • Develop and refine vulnerability management policies, procedures, and standard operating procedures to ensure alignment with federal regulations and agency requirements.

Support continuous monitoring activities and provide input into the overall security posture of the agency's federal IT enterprise.
Required Skills
  • US. Citizenship required.
  • 6+ years of cybersecurity experience, with demonstrated expertise in vulnerability management, operating systems, and networking.
  • Remote but within close proximity to the NCR.
  • Active Public Trust 6c clearance, or the ability to obtain and maintain one.
  • At least one of the following certifications: GCIH, CISSP, CISM, or CRISC.
  • Hands-on experience with Tenable, AquaSec, and CDM integration in a federal or enterprise environment.
  • Strong understanding of federal compliance frameworks including NIST RMF, NIST SP 800-53, FISMA, and FedRAMP requirements.
  • Experience developing and maintaining POA&Ms and supporting remediation tracking within federal information system environments.
  • Demonstrated ability to coordinate cross-functional teams, including ISOs, ISSOs, compliance, and engineering stakeholders, to drive vulnerability remediation efforts.
  • Proven ability to translate complex technical vulnerability findings into clear, actionable language for both technical and executive audiences.
  • Strong written and verbal communication skills, with a track record of producing high-quality federal security documentation.
Desired Skills
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field or equivalent professional experience.
  • One of the following certifications
    • Certified Information Systems Auditor (CISA)
    • Tenable Certified Security Engineer or equivalent
    • AWS Cloud Practitioner or higher, with AWS GovCloud experience desired
  • CompTIA Security+ or equivalent
  • Familiarity with federal cybersecurity governance frameworks including IRS Publication 1075 and OMB compliance requirements.
  • Prior experience working on large-scale federal civilian agency programs with complex, multi-stakeholder environments.
  • Experience with cloud-native vulnerability management in AWS GovCloud or Azure Government environments.
  • Ability to provide strategic guidance that enhances and optimizes an agency's overall information security and vulnerability management posture.
  • Experience developing vulnerability management dashboards using tools such as Splunk, Elasticsearch, or agency-specific reporting platforms.
  • Knowledge of DevSecOps pipelines and the integration of vulnerability scanning within CI/CD workflows.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:
  • Attracting and developing top talent and high-performing teams
  • Fostering a culture that is engaging, accountable, and mission-driven


Meet the challenge. Make a difference with Everforth ECS!
group id: 10112231A
Find ECS on Social Media
Recruiters
user avatar
About Us
ECS, a key segment of ASGN Incorporated, is a trusted IT systems integrator serving government agencies. ECS provides modern digital solutions that enable fast and efficient decision making and support the effective execution of government agency operations. ECS’ leading-edge AI, cybersecurity, and open data management solutions boost collaboration, innovation, and worker productivity, improve employee and customer experiences, and protect critical agency data and assets.

ECS Jobs


Job Category
IT - Security
Clearance Level
Public Trust
Employer
ECS