FLG -368 - Senior Vulnerability Management Specialist- Remote (EST Time Zone)
Quick Overview
Job Description
Hello,
Good afternoon,
I'm Shiva from Floga Technologies. We are a growing IT services organization delivering scalable technology solutions, and we are expanding our team with qualified talent.
We have an immediate opening for a Senior Vulnerability Management Specialist with strong hands-on experience to support a long-term engagement with our client. Must collaborate effectively with cross-functional teams to deliver high-quality solutions.
Job Title: Senior Vulnerability Management Specialist
Location: 100% Remote (must be flexible to work in EST Time Zone)
Experience: 6-10 Years
Clearance: Able to get clearance
Role Description:
- The Senior Vulnerability Management Specialist will support the planning, operation, modernization, and continuous improvement of the Vulnerability Management and Contingency Planning Programs.
Responsibilities may include:
- Manage the vulnerability management program in line with DHS CDM, NIST SP 800-137, NIST SP 800-53 (RA-5, SA-11), BOD 18-01, and CISA Cyber Hygiene Services.
- Conduct vulnerability assessments across systems, cloud, containers, and IaC; track findings through remediation and closure.
- Develop and maintain POA&Ms in CSAM (or comparable GRC system), integrating findings with SIEM and ticketing platforms like ServiceNow.
- Assess CI/CD pipeline security and policy-as-code controls to catch vulnerabilities early in development.
- Apply NIST RMF and SP 800-53 controls to support risk assessment, FISMA compliance, and adherence to CISA BODs and OMB guidance.
- Support FISMA, OIG, GAO, and independent security audits with documentation and evidence.
- Author SOPs, playbooks, policies, and risk reports; maintain enterprise vulnerability management tools.
- Brief technical and executive stakeholders on risk findings, and coordinate remediation with cross-functional and government teams.
Required Qualifications & Education:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or a related technical discipline.
- Minimum 6 to 10+ years of progressively responsible experience in Working knowledge of DHS CDM Program requirements, NIST SP 800-137 (Information Security Continuous Monitoring), NIST SP 800-53 controls (in particular RA-5 and SA-11), DHS BOD 18-01, and CISA Cyber Hygiene Services.
- Experience supporting POA&M development, remediation tracking, and closure within Cyber Security Assessment and Management (CSAM) or a comparable governance, risk, and compliance system.
- Experience with Cloud and cloud-native vulnerability scanning, including container image and Infrastructure-as-Code (IaC) assessment.
- Familiarity with CI/CD pipeline security controls and policy-as-code enforcement.
Experience integrating vulnerability data with SIEM and ticketing platforms such as ServiceNow.
- Familiarity with the client Technology Standards and Products Guide and client Lifecycle Management Methodology (LMM).
- Working knowledge of:
o NIST Risk Management Framework (RMF)
o NIST SP 800-53 Security Controls
o Federal Information Security Modernization Act (FISMA)
o CISA Binding Operational Directives (BODs)
o OMB cybersecurity guidance
- Experience conducting vulnerability assessments, security analysis, remediation tracking, and risk reporting.
- Experience supporting security audits, including FISMA, OIG, GAO, or independent assessments.
- Experience developing technical documentation such as Standard Operating Procedures (SOPs), implementation guides, playbooks, policies, and reports.
- Experience using enterprise vulnerability management and security assessment tools.
- Strong analytical, organizational, and problem-solving skills with the ability to manage multiple priorities.
- Excellent written and verbal communication skills with experience presenting technical information to technical and executive audiences.
- Experience collaborating with cross-functional teams, stakeholders, and government customers.
- Working knowledge of DHS CDM Program requirements, NIST SP 800-137 (Information Security Continuous Monitoring), NIST SP 800-53 controls (in particular RA-5 and SA-11), DHS BOD 18-01, and CISA Cyber Hygiene Services.
- Experience supporting POA&M development, remediation tracking, and closure within Cyber Security Assessment and Management (CSAM) or a comparable governance, risk, and compliance system.
Preferred Technical Experience
- Experience with one or more of the following technologies is highly desirable:
- Tenable Nessus
- OWASP
- Microsoft Power BI
- Microsoft Teams
- SharePoint
- Splunk
- Governance, Risk & Compliance (GRC) platforms
- Agile project management tools
Preferred Certifications
- Certified Information Security Manager (CISM)
- CompTIA Security+
- Other industry-recognized cybersecurity certifications relevant to vulnerability management, risk management, or information security.
Clearance and Location Requirements:
- Able to be cleared for a Public Trust clearance.
- This is a remote position.
Skills
Similar jobs
Specialist/Sr Specialist, Pilot Recruitment Operations
American Airlines · Fort Worth, United States
3 minutes agoRetail Reset Merchandiser
SAS Retail Services · Fuquay Varina, United States
13 minutes ago$15/hrRetail Reset Merchandiser
SAS Retail Services · New Hill, United States
13 minutes ago$15/hrRetail Reset Merchandiser
SAS Retail Services · Apex, United States
13 minutes ago$15/hrRetail Reset Merchandiser
SAS Retail Services · Durham, United States
13 minutes ago$15/hrRetail Reset Merchandiser
SAS Retail Services · Raleigh, United States
13 minutes ago$15/hr