Security LEAD (Vulnerability Management)

Key Responsibilities

1. Vulnerability Inventory & Baseline Establishment

• Review existing vulnerability data from scans, assessments, and security tools
• Establish and maintain a centralized vulnerability baseline
• Develop and document risk-based remediation timelines, considering vulnerability aging and current risk posture

2. Risk Classification & Prioritization

• Categorize and prioritize vulnerabilities based on severity, exploitability, risk level, and operational impact
• Ensure alignment with National Institute of Standards and Technology (NIST) guidelines
• Validate that remediation timelines align with Agency-defined SLAs for each risk category

3. Remediation Coordination & Communication

• Coordinate remediation efforts with system, server, and application owners
• Communicate clear expectations, timelines, and risk context to stakeholders
• Track remediation progress and identify dependencies, blockers, and delays
• Escalate critical, high-risk, or overdue vulnerabilities in accordance with Agency governance processes

4. Tracking, Metrics & Reporting

• Maintain continuous tracking of vulnerability remediation activities
• Generate regular status reports, including:
  • Vulnerability status (open vs. closed)
  • Aging and risk trends
  • Remediation performance metrics

5. Validation & Closure

• Validate remediation through scan results and supporting evidence
• Confirm closure of vulnerabilities within tracking systems
• Ensure unresolved vulnerabilities are formally documented with approved risk acceptance or exception records, per Agency policy

6. Program Improvement Support

• Identify process gaps, systemic issues, and control weaknesses
• Recommend improvements to enhance remediation efficiency, governance, and accountability
• Ensure alignment with NIST standards and Agency policies

Why Join Us?
InstantServe  offers a dynamic work environment where you can make a significant impact on the healthcare industry. We provide competitive compensation, opportunities for professional growth, and a supportive team culture. All your information will be kept confidential according to EEO guidelines.