
Vulnerability Management

Guidehouse
  • US
    Bethesda, Maryland, United States

About

Job Family:

IT Cyber Security


Travel Required:

Up to 25%


Clearance Required:

Ability to Obtain Public Trust

What You Will Do:

1. Vulnerability Management
  • Lead vulnerability management operations, ensuring alignment with BOD 22-01 and federal cybersecurity mandates.
  • Manage, monitor, and report vulnerabilities across NIH/HHS systems using tools such as / , and coordinate timely remediation activities.
  • Develop vulnerability prioritization models based on risk, exposure, and asset criticality.
  • Ensure compliance with patching timelines and federal vulnerability directives.
  • Collaborate with infrastructure, cloud, and application teams to validate remediation actions.
2. Security Operations & Automation
  • Enhance and maintain SecOps workflows through automation and dashboard development.
  • Utilize Power BI, Python, and Power Automate (or similar tools) to automate reporting, trend analysis, and compliance tracking.
  • Develop API integrations with vulnerability management tools (e.g., Tenable, Splunk, ServiceNow, or CSAM) for real-time monitoring dashboards.
  • Support automation of vulnerability data ingestion and normalization across multiple environments (cloud and on-premises).
3. Compliance & Policy Alignment
  • Ensure continuous compliance with CISA's Binding Operational Directive (BOD) 22-01, NIST SP 800-53, and FISMA requirements.
  • Work closely with Risk Management Framework (RMF) and SA&A teams to align vulnerability findings with system security plans (SSPs), POA&Ms, and ATO documentation.
  • Support preparation of reports for leadership and federal oversight bodies.
4. Reporting & Dashboards
  • Build and maintain interactive Power BI dashboards that visualize vulnerabilities, risk posture, remediation progress, and compliance trends.
  • Translate technical findings into executive-level risk summaries.
  • Develop KPI and SLA metrics for vulnerability closure rates, asset risk scoring, and compliance tracking.
5. Communication & Coordination
  • Communicate complex technical information clearly to both technical and non-technical audiences.
  • Collaborate with cross-functional teams (IT Operations, Cloud Engineering, Privacy, and Compliance).
  • Provide status briefings and vulnerability insights to leadership.
Deliverables
  • Monthly Vulnerability & Risk Posture Reports.
  • Automated Power BI dashboard connected to vulnerability management and GRC systems.
  • Vulnerability Management SOPs and process documentation.
  • POA&M updates tied to vulnerability findings.
  • CISA BOD 22-01 compliance tracking reports.

What You Will Need:

  • Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY are preferred.
  • Experience: 4–6 years of cybersecurity or IT risk management experience, with at least 3 years focused on vulnerability management or SecOps.
  • Tools: Hands-on experience with Tenable (Nessus, , or ); familiarity with other tools (BigFix, Splunk, Sentinel, CSAM) preferred.
  • Knowledge: Deep understanding of BOD 22-01, NIST 800-53, and FISMA requirements.
  • Technical Skills:
    • Power BI (data modeling, report building, DAX formulas)
    • Power Automate / Python / API scripting for automation
    • Windows and Linux vulnerability management
    • Cloud security concepts (AWS, Azure, or Google Cloud)
  • Certifications: Active CompTIA Security+ CE required. Other certifications (CISSP, CEH, or cloud-related) are a plus.
  • Soft Skills: Strong communication and analytical thinking; ability to manage multiple concurrent priorities and deadlines.
  • Onsite: Expected 1-2 days onsite at client site (Bethesda, MD)

What Would Be Nice To Have:

  • Experience developing automated data pipelines or integrating Tenable APIs into Power BI dashboards.
  • Familiarity with ServiceNow Vulnerability Response, CSAM, or Splunk Security Essentials.
  • Knowledge of MITRE ATT&CK framework and vulnerability prioritization methodologies (e.g., EPSS, CVSS v3).
  • Prior experience within a federal or HHS environment.
The annual salary range for this position is $98,000.00-$163, Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.

What We Offer:

Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:

  • Medical, Rx, Dental & Vision Insurance

  • Personal and Family Sick Time & Company Paid Holidays

  • Parental Leave

  • 401(k) Retirement Plan

  • Group Term Life and Travel Assistance

  • Voluntary Life and AD&D Insurance

  • Health Savings

Language Skills

  • English
Notice to Users

This listing comes from a TieTalent partner platform. Click "Apply now" to submit your application directly on their site.