Vulnerability Management & Remediation Coordination Lead

Job title: Vulnerability Management & Remediation Coordination Lead

Location: Remote

Duration: Long Term

Responsibilities:
 

Vulnerability Inventory and Baseline Establishment

• Review the Agency’s existing vulnerability data, including vulnerabilities identified through scanning, assessments, or other security tools.
• Establish and maintain a consolidated vulnerability baseline.
• Develop and document a remediation timeline for all identified vulnerabilities, reflecting current risk posture and aging.

Risk Classification and Prioritization

• Ensure that vulnerabilities are categorized and prioritized based on risk, severity, exploitability, and potential impact to Agency operations.
• Align vulnerability classification and prioritization to applicable NIST guidance. 
• Validate that remediation timeframes align with Agency established expectations for different vulnerability risk levels.

Remediation Coordination and Communication

• Coordinate remediation activities with system, server, and application owners.
• Communicate clear remediation expectations, risk context, and required timelines to responsible parties.
• Track remediation progress and identify blockers, dependencies, or delays impacting closure.
• Escalate overdue, high risk, or critical vulnerabilities to appropriate Agency governance or oversight bodies, in accordance with Agency processes.

Tracking, Metrics, and Reporting

• Maintain ongoing tracking of vulnerability remediation status.
• Produce periodic status reports summarizing.

Validation and Closure

• Validate remediation actions through available evidence, including vulnerability scan results or other supporting artifacts.
• Confirm closure of vulnerabilities in tracking systems once remediation is completed and validated.
• Ensure vulnerabilities that cannot be remediated within required timeframes are formally documented and supported by approved risk acceptance or exception documentation, in accordance with Agency policy.

Program Improvement Support

• Identify process gaps, systemic issues, or control weaknesses affecting vulnerability remediation effectiveness.
• Provide recommendations for improving vulnerability remediation processes and accountability, aligned with NIST standards and Agency governance requirements.

Minimum Requirements:

• Minimum 8 years of experience in vulnerability inventory management and baseline establishment
• Minimum 8 years of experience in risk classification and prioritization of vulnerabilities
• Minimum 8 years of experience in tracking and managing vulnerability remediation efforts
• Minimum 8 years of experience in producing detailed status and progress reports
• Minimum 8 years of experience in validating remediation actions using supporting evidence, including vulnerability scan results