Vulnerability Management Team Lead

Vulnerability Management Team Lead

Cherokee-Federal Systems, LLC is seeking an experienced cybersecurity professional to lead a risk-driven vulnerability management program across hybrid on-prem and cloud environments. The ideal candidate will possess deep expertise in infrastructure and security tools, apply critical thinking to identify security gaps, and develop and implement security protocols and risk management improvements. The qualified individual will own discovery, triage, remediation, and reporting of the agency's security posture and lead a small team of cybersecurity analysts to drive measurable reductions in vulnerabilities with Tenable for infrastructure, AppScan for applications, and ServiceNow for workflow and governance. Align operations to FISMA, FedRAMP, and CMMC. Drive measurable reduction in exploitability and clean audit outcomes.

Location: Alexandria, VA (Remote)

Key Responsibilities

• Lead end-to-end vulnerability operations: scanning, validation, prioritization, remediation, exceptions, and verification across on-prem, IaaS/PaaS, and SaaS.
• Operate and optimize Tenable (Nessus/Tenable.sc or Tenable.io) for servers, endpoints, network devices, containers, and cloud assets; maintain credentialed scans, schedules, and coverage for both vulnerabilities and configuration audits.
• Manage AppScan for web and API testing; integrate findings into SDLC and DevSecOps workflows; guide developers with reproducible issues and fix recommendations.
• Continue integration of Tenable, Explore/Implement integration of AppScan with ServiceNow Vulnerability Response:
• Autocreate tickets, enrich with asset data from CMDB, assign ownership by CI/service, and track to closure.
• Maintain risk-based SLAs by asset criticality and threat intel; monitor SLA adherence and escalate aging risk.
• Establish cloud-specific controls:
• Use CSP native scanners and posture tools (e.g., AWS Inspector, Azure Defender/Microsoft Defender for Cloud, GCP Security Command Center) and correlate with Tenable.
• Enforce secure configurations with CIS Benchmarks and cloud guardrails; remediate misconfigurations via IaC changes.
• Prioritize with CVSS, CISA KEV, exploit maturity, and exposure context (internet-facing, privileged paths, high-value assets).
• Govern exceptions: risk acceptance with compensating controls, time-bound approvals, and periodic review.
• Produce executive and compliance reporting: exposure trends, SLA performance, time-to-remediate, patch coverage, POA&Ms, and audit artifacts aligned to FISMA/NIST RMF, FedRAMP, and CMMC.
• Partner with SOC/IR to correlate actively exploited vulnerabilities; enable rapid containment for high-risk findings.
• Coordinate patching windows and change management; champion continuous hardening for Windows/Linux, network, databases, and cloud services.
• Mentor analysts; mature automation, data quality, and process discipline; lead tabletop exercises for patching/vuln scenarios.

Required Qualifications

• 6+ years in cybersecurity with 3+ years leading vulnerability management in hybrid on-prem/cloud environments.
• Hands-on expertise with Tenable (Nessus/Tenable.sc or Tenable.io), AppScan, and ServiceNow Vulnerability Response/CMDB integration.
• Strong grasp of CVE/CVSS, CISA KEV, exploit kits, and modern attack paths; able to translate technical risk to business impact.
• Familiarity with DAST, SAST, CI/CD and Cloud Assessments.
• Proven remediation leadership across Windows/Linux, network devices, containers, and cloud workloads (AWS/Azure/GCP).
• Experience aligning programs to FISMA (NIST View phone number on click.appcast.io RMF), FedRAMP baselines, and CMMC practices.
• Metrics and reporting proficiency: exposure reduction, SLA compliance, MTTR for vulnerabilities, patch cadence, and POA&M management.
• Clear, direct communicator comfortable with executive briefings and cross-functional coordination.

Preferred Qualifications

• Certifications: Security+, CySA +, CISSP, CEH, GCSA, GCPN; Tenable or ServiceNow VR certifications; AppSec certs (GWAPT) a plus.
• Experience integrating Tenable with ServiceNow VR, CMDB, and change management; familiarity with Jira for developer workflows.
• Knowledge of CIS Benchmarks, NIST 80053, 80040 (patch), 80063, FedRAMP PMO guidance, and cloud security patterns.
• Scripting/automation (Python, PowerShell) for data normalization, ticket enrichment, API integrations, and reporting.

Key Competencies

• Accountability and speed under pressure.
• Analytical rigor and validation discipline.
• Operational excellence and automation mindset.
• Crisp communication for technical and executive audiences.
• Collaborative leadership across security, IT ops, cloud, and development.

What Success Looks Like

• Faster time-to-remediate against risk-based SLAs; measurable reduction of critical/high exposure across on-prem and cloud.
• Accurate asset inventory, clean CMDB linkage, and high scan coverage with low false positives.
• Audit-ready evidence with strong POA&M management and clear control effectiveness.
• Executive visibility into vulnerability risk, trends, and remediation velocity.