Haystack
← Back to Jobs
Remote
Other

FLG -368 - Senior Vulnerability Management Specialist- Remote (EST Time Zone)

Floga technologiesUnited States🇺🇸United StatesPosted 15 Jul 2026

Quick Overview

Work Type
Remote
Level
Mid Senior

Job Description

Hello,

Good afternoon,

I'm Shiva from Floga Technologies. We are a growing IT services organization delivering scalable technology solutions, and we are expanding our team with qualified talent.

We have an immediate opening for a Senior Vulnerability Management Specialist with strong hands-on experience to support a long-term engagement with our client. Must collaborate effectively with cross-functional teams to deliver high-quality solutions.

Job Title: Senior Vulnerability Management Specialist

Location: 100% Remote (must be flexible to work in EST Time Zone)

Experience: 6-10 Years

Clearance: Able to get clearance

Role Description:

  • The Senior Vulnerability Management Specialist will support the planning, operation, modernization, and continuous improvement of the Vulnerability Management and Contingency Planning Programs.

Responsibilities may include:

  • Manage the vulnerability management program in line with DHS CDM, NIST SP 800-137, NIST SP 800-53 (RA-5, SA-11), BOD 18-01, and CISA Cyber Hygiene Services.
  • Conduct vulnerability assessments across systems, cloud, containers, and IaC; track findings through remediation and closure.
  • Develop and maintain POA&Ms in CSAM (or comparable GRC system), integrating findings with SIEM and ticketing platforms like ServiceNow.
  • Assess CI/CD pipeline security and policy-as-code controls to catch vulnerabilities early in development.
  • Apply NIST RMF and SP 800-53 controls to support risk assessment, FISMA compliance, and adherence to CISA BODs and OMB guidance.
  • Support FISMA, OIG, GAO, and independent security audits with documentation and evidence.
  • Author SOPs, playbooks, policies, and risk reports; maintain enterprise vulnerability management tools.
  • Brief technical and executive stakeholders on risk findings, and coordinate remediation with cross-functional and government teams.

Required Qualifications & Education:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or a related technical discipline.
  • Minimum 6 to 10+ years of progressively responsible experience in Working knowledge of DHS CDM Program requirements, NIST SP 800-137 (Information Security Continuous Monitoring), NIST SP 800-53 controls (in particular RA-5 and SA-11), DHS BOD 18-01, and CISA Cyber Hygiene Services.
  • Experience supporting POA&M development, remediation tracking, and closure within Cyber Security Assessment and Management (CSAM) or a comparable governance, risk, and compliance system.
  • Experience with Cloud and cloud-native vulnerability scanning, including container image and Infrastructure-as-Code (IaC) assessment.
  • Familiarity with CI/CD pipeline security controls and policy-as-code enforcement.

Experience integrating vulnerability data with SIEM and ticketing platforms such as ServiceNow.

  • Familiarity with the client Technology Standards and Products Guide and client Lifecycle Management Methodology (LMM).

  • Working knowledge of:

o NIST Risk Management Framework (RMF)

o NIST SP 800-53 Security Controls

o Federal Information Security Modernization Act (FISMA)

o CISA Binding Operational Directives (BODs)

o OMB cybersecurity guidance

  • Experience conducting vulnerability assessments, security analysis, remediation tracking, and risk reporting.
  • Experience supporting security audits, including FISMA, OIG, GAO, or independent assessments.
  • Experience developing technical documentation such as Standard Operating Procedures (SOPs), implementation guides, playbooks, policies, and reports.
  • Experience using enterprise vulnerability management and security assessment tools.
  • Strong analytical, organizational, and problem-solving skills with the ability to manage multiple priorities.
  • Excellent written and verbal communication skills with experience presenting technical information to technical and executive audiences.
  • Experience collaborating with cross-functional teams, stakeholders, and government customers.
  • Working knowledge of DHS CDM Program requirements, NIST SP 800-137 (Information Security Continuous Monitoring), NIST SP 800-53 controls (in particular RA-5 and SA-11), DHS BOD 18-01, and CISA Cyber Hygiene Services.
  • Experience supporting POA&M development, remediation tracking, and closure within Cyber Security Assessment and Management (CSAM) or a comparable governance, risk, and compliance system.

Preferred Technical Experience

  • Experience with one or more of the following technologies is highly desirable:
  • Tenable Nessus
  • OWASP
  • Microsoft Power BI
  • Microsoft Teams
  • SharePoint
  • Splunk
  • Governance, Risk & Compliance (GRC) platforms
  • Agile project management tools

Preferred Certifications

  • Certified Information Security Manager (CISM)
  • CompTIA Security+
  • Other industry-recognized cybersecurity certifications relevant to vulnerability management, risk management, or information security.

Clearance and Location Requirements:

  • Able to be cleared for a Public Trust clearance.
  • This is a remote position.

Skills

OWASP
Splunk
Agile
Compliance
Continuous Improvement
Power BI
Risk Assessment
Risk Management
ServiceNow

Similar jobs