Haystack
← Back to Jobs
Other

Senior Vulnerability Management Specialist

STAFFXPERT LLCUnited States🇺🇸United StatesPosted 15 Jul 2026

Quick Overview

Work Type
Hybrid
Level
Mid Senior

Job Description

Senior Vulnerability Management Specialist

Location: Remote


Job Summary


STAFFXPERT LLC is seeking a Senior Vulnerability Management Specialist on behalf of our client in a Remote location. This position is ideal for an experienced cybersecurity professional with a strong background in enterprise vulnerability management, federal cybersecurity frameworks, cloud security, and governance, risk, and compliance (GRC). The successful candidate will play a key role in strengthening the organization''s security posture by leading vulnerability assessments, driving remediation efforts, supporting compliance initiatives, and collaborating with cross-functional stakeholders to ensure continuous improvement of enterprise security programs.


Key Responsibilities
  • Lead and manage enterprise vulnerability management activities in accordance with industry and federal cybersecurity standards.
  • Conduct vulnerability assessments across on-premises systems, cloud environments, containerized workloads, and Infrastructure-as-Code (IaC) deployments.
  • Track security findings through remediation, validation, and closure while maintaining accurate documentation.
  • Develop and manage Plans of Action and Milestones (POA&Ms) using CSAM or comparable Governance, Risk, and Compliance (GRC) platforms.
  • Integrate vulnerability data with SIEM and IT service management platforms to streamline remediation workflows.
  • Assess CI/CD pipeline security and implement policy-as-code practices to identify vulnerabilities early in the software development lifecycle.
  • Apply NIST Risk Management Framework (RMF) and security controls to support risk assessments, compliance initiatives, and continuous monitoring.
  • Support internal and external security audits by preparing documentation, evidence, and remediation plans.
  • Develop and maintain security documentation, including standard operating procedures, implementation guides, playbooks, policies, and risk reports.
  • Present technical findings and risk recommendations to both technical teams and executive leadership.
  • Collaborate with cross-functional teams to ensure timely resolution of identified security risks.
Required Qualifications
  • Bachelor''s degree in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or a related technical discipline.
  • 6+ years of experience in cybersecurity, vulnerability management, information security, or a related field.
  • Strong experience with enterprise vulnerability management programs and security assessment processes.
  • Hands-on experience performing vulnerability assessments across cloud, containerized, and traditional infrastructure environments.
  • Experience managing remediation efforts and POA&Ms using CSAM or comparable GRC platforms.
  • Working knowledge of NIST Risk Management Framework (RMF), NIST SP 800-53 Security Controls, and Information Security Continuous Monitoring practices.
  • Experience supporting compliance initiatives and security audits.
  • Familiarity with CI/CD security, Infrastructure-as-Code (IaC), and policy-as-code implementations.
  • Experience integrating vulnerability management tools with SIEM and IT service management platforms such as ServiceNow.
  • Strong analytical, organizational, and problem-solving skills.
  • Excellent written and verbal communication skills with the ability to communicate effectively with both technical and business stakeholders.

Preferred Qualifications
  • Experience with vulnerability management and security tools such as Tenable Nessus, Splunk, and Governance, Risk & Compliance (GRC) platforms.
  • Familiarity with OWASP security principles and cloud-native security practices.
  • Experience using Microsoft Power BI, Microsoft Teams, and SharePoint.
  • Knowledge of Agile project management methodologies.
  • Professional cybersecurity certifications such as Certified Information Security Manager (CISM), CompTIA Security+, or other relevant industry certifications.

Skills

OWASP
Splunk
Agile
Compliance
Continuous Improvement
Power BI
Risk Management
ServiceNow

Similar jobs