HUD - Vulnerability Management Lead

cFocus Software seeks a Vulnerability Management Lead to join our program supporting Housing and Urban Development (HUD). This position is remote. This position requires a Public Trust clearance.
Qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
• 8+ years of experience in vulnerability management, cybersecurity operations, or related discipline.
• Hands-on experience with vulnerability scanning tools (e.g., Tenable, Nessus, Qualys).
• Experience developing and managing POA&Ms in federal environments.

Duties:

• Lead enterprise vulnerability management activities across network, endpoint, application, and cloud environments.
• Monitor cyber threats from government, financial markets, and industry sources to identify potential risks.
• Integrate and manage threat intelligence feeds (CISA, NIST, CVE, vendor advisories) to inform vulnerability prioritization.
• Continuously monitor CISA Known Exploited Vulnerabilities (KEV) catalog and ensure tracking through remediation.
• Conduct regular vulnerability scans using tools such as Tenable across all systems and platforms.
• Ensure comprehensive scanning coverage using automated and manual techniques.
• Analyze scan results to identify, prioritize, and document vulnerabilities based on severity, risk, and exploitability.
• Develop, manage, and track Plans of Action and Milestones (POA&Ms) for vulnerability remediation.
• Coordinate with IT and system administrators to implement remediation plans and validate effectiveness.
• Track remediation progress and ensure vulnerabilities are resolved within required timelines.
• Perform risk assessments to evaluate likelihood, impact, and existing controls.
• Provide recommendations to stakeholders and partner teams to address vulnerabilities.
• Develop and maintain vulnerability management SOPs and integrate with SOC operational procedures.
• Generate monthly vulnerability management reports detailing findings, risk posture, and remediation status.
• Recommend improvements to vulnerability management processes and tools.

Originally posted on Himalayas