Description of Task to be Performed:
AnaVation is searching for a Vulnerability Manager to assist client leadership with the enterprise vulnerability management program, administering scanning platforms (Tenable and/or Qualys), driving vulnerability analysis and risk prioritization, and delivering reporting to leadership and compliance stakeholders.
Responsibilities:
- Administer and maintain scanning platforms such as Tenable.SC, Qualys and/or application-based scanners, which may include activities such as scan policies, asset groups, credentials scanning, and agent deployment.
- Lead enterprise-wide vulnerability scanning cadence across the network, systems, applications and other dependent assets.
- Analyze scan data, validate findings and false positives, and prioritize based on CVSS, exploitability, and business risk.
- Own and manage POA&M lifecycle, tracking remediation timelines, risk acceptance documentation, and closure validation.
- Develop and deliver weekly vulnerability metrics/dashboards and executive reporting (trend analysis, SLA compliance, risk posture).
- Support ATO and continuous monitoring activities in alignment with NIST 800-53.
- Coordinate remediation with system owners, IT operations, and patch management teams.
- Manage scanner tuning, plugin/signature updates, and platform health.
- Support FISMA reporting requirements. · Interacting with GRC tool (e.g., CSAM) to perform daily/weekly vulnerability analysis.
- Flexible with other security related tasks as needed by the customer.