Vulnerability Management Lead

Valiant Solutions is seeking a Vulnerability Management Lead to join our rapidly growing and innovative cybersecurity team!

The Vulnerability Management Lead directs client's vulnerability management program across the Continuous Diagnostics and Mitigation (CDM), Web Application Surveillance Program (WASP), and Cyber Hygiene workstreams within the Cybersecurity Services Division. The lead owns the end-to-end process from discovery and scanning through remediation tracking and Plan of Action and Milestones (POA&M) closure, working across Information System Owners (ISOs), Information System Security Officers (ISSOs), the Policy, Risk & Compliance branch, and engineering teams. The role produces the dashboards, metrics, and reporting that give client leadership a current view of agency risk and progress against remediation targets.

Named one of the Best Places to Work in the Washington DC area for 12 consecutive years, Valiant is proud of our employee-centric culture and commitment to excellence. If you are interested in learning more about Valiant and this opportunity, we invite you to apply now!

Location: The Vulnerability Management Lead can expect 100% telework. Remote work requires a high level of trust in our employees, and we strictly adhere to the details outlined in our Remote Work Policy below. 

Eligibility Requirements: U.S. Citizenship is required due to federal contract obligations, along with the ability to successfully pass a federal background investigation.

Required Experience:

• Six or more years of cybersecurity experience, including hands-on work with operating systems (Windows, Linux) and networking (TCP/IP, routing, firewalls, segmentation).
• At least one of the following certifications: GCIH, CISSP, CISM, or CRISC.
• Hands-on experience with Tenable (Tenable ONE, Nessus, or Tenable.io), AquaSec, and CDM integration in a federal or large enterprise environment.
• Working knowledge of DHS CDM Program requirements, NIST SP 800-137 (Information Security Continuous Monitoring), NIST SP 800-53 controls (in particular RA-5 and SA-11), DHS BOD 18-01, and CISA Cyber Hygiene Services.
• Experience supporting POA&M development, remediation tracking, and closure within Cyber Security Assessment and Management (CSAM) or a comparable governance, risk, and compliance system.
• Demonstrated ability to build dashboards and metrics that translate scan output into prioritized, executable remediation work for technical and executive audiences.
• Strong written and verbal communication skills, with the ability to coordinate across ISOs, ISSOs, compliance, and engineering stakeholders.
• Required to obtain and maintain a Non-Sensitive / High Risk (Public Trust) security clearance, Tier 4/6c.

Preferred Qualifications:

• Experience with AWS GovCloud and cloud-native vulnerability scanning, including container image and Infrastructure-as-Code (IaC) assessment.
• Familiarity with CI/CD pipeline security controls and policy-as-code enforcement.
• Experience integrating vulnerability data with SIEM and ticketing platforms such as ServiceNow.
• Familiarity with the client Technology Standards and Products Guide and client Lifecycle Management Methodology (LMM).

Responsibilities:

• Oversee enterprise vulnerability scanning across infrastructure, web applications, containers, and cloud workloads using Tenable ONE, AquaSec, and integrated CDM tooling.
• Direct remediation tracking from finding to closure, including communication and coordination with POA&M support within the Policy, Risk & Compliance branch.
• Coordinate with ISOs, ISSOs, compliance teams, and engineering teams to triage findings, assign ownership, and close gaps within agency and federal timelines.
• Lead Cyber Hygiene activities, including weekly scans of internet-facing interfaces and URLs, review of CISA Cyber Hygiene reports, and distribution of issue reports to ISSOs within two business days of receipt.
• Maintain the authoritative inventory of externally facing IPs and URLs, updated in real time and reconciled monthly.
• Monitor digital certificate expiration, generate alerts 30 days prior to expiration, and escalate unresolved items within 10 days.
• Lead WASP activities, including static and dynamic scans of client web applications in development and production environments, vendor plugin updates, and integration of CISA Known Exploited Vulnerabilities (KEVs) into scan coverage.
• Deliver threat modeling analysis for critical applications and ensure WASP findings feed remediation and Cyber Hygiene dashboards.
• Operate and maintain the CDM integration layer and ensure CDM data flows into SIEM for centralized visibility, supporting the Vulnerability (VUL) capability area and AWARE-based prioritization.
• Develop and maintain dashboards and metrics for vulnerability management, including remediation cycle time, scan coverage, KEV exposure, certificate health, and POA&M aging.
• Coordinate with OCIO, Cyber Risk, client Vulnerability Management, and the DHS CDM PMO on program reporting and integration changes.
• Update Vulnerability Management standard operating procedures, playbooks, and runbooks at least quarterly, or sooner when a gap or improvement is identified, with major changes reviewed by the Change Control Board.

About Valiant Solutions

Valiant Solutions is a security-focused IT solutions provider with public clients nationwide. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, Valiant Solutions prides itself on providing its employees with great benefits and career development opportunities. As a company, we are just as committed to growing careers as we are to building world-class IT solutions, all while enjoying an unparalleled work-life balance. We are in a phase of tremendous growth and building the team that will take us to the next level. We seek people whose talents and accomplishments will contribute to a thriving company, who have the character to support their capacity, and can make a positive impact on our culture. Alongside our talented team, you’ll learn to think quickly on your feet and expand your own personal and professional skill set. Our management team will inspire you to consider new perspectives and challenge you to become a better practitioner in the fast-paced industry of IT security. We hire people we respect – and we trust them to deliver results leveraging their expertise. If you would enjoy working in a dynamic environment as part of a stellar team of professionals, then we invite you to apply online today.

Benefits Snapshot (includes, but not limited to)
Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time Employees
Valiant contributes 25% towards Health Coverage for Family and Dependents
100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees
100% Paid Certifications
401K Matching up to 4%
Paid Time Off
Paid Federal Holidays
Wellness & Fitness Program
Valiant University – Online Education and Training Portal
FSA programs for: Medical Costs, Dependent Care, Transit, and Parking
Referral Bonuses

Remote Work Policy 

Remote work necessitates a high level of trust in our employees. To ensure that employee performance does not suffer in a remote work environment, all employees who telecommute are expected to have a quiet and distraction-free workspace with adequate internet, dedicate their full attention and availability to their job duties during working hours, and maintain a schedule during core business hours that align with those of their coworkers and Valiant's clients. In alignment with Valiant's inclusive and engaging environment, cameras are encouraged and can be required to be on during virtual video conferences. Additionally, in alignment with the Office of the Inspector General’s effort to eliminate conflicting employment, all Valiant employees are required to disclose any current or future outside employment engagements. During onboarding and throughout employment, employees must disclose any current activities or intent to engage in outside employment or other professional activities and obtain written approval.  Employees may not solicit or conduct any outside business during core business hours for Valiant Solutions and our clients.

Equal Employment Opportunity

Valiant Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetic information, marital status, or veteran status, in accordance with applicable law.

Physical Demands

Sitting or standing at a desk for prolonged periods of time and consistent operation of a computer. Frequent communication and exchanging of accurate information via electronic communication, phones, and in person. Occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

Authorization to Share Resume and Personal Information

By submitting your resume for this position, you authorize Valiant Solutions to share your resume, as well as, personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should Valiant Solutions or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.

#LI-JM1