Vulnerability Management Lead, Top Secret

Position Summary

The Vulnerability Management Lead oversees teams that delivers comprehensive, standards‑aligned security assessments and validation services across cloud, operational technology OT, industrial control systems (ICS), and enterprise environments identifying vulnerabilities, evaluating control effectiveness, and measuring readiness to strengthen the cybersecurity posture of government and commercial information systems. The successful lead directs tailored test plans (e.g., vulnerability assessments, penetration testing, SOC evaluations, phishing exercises), ensures actionable findings, and prioritized mitigation guidance.

Key Responsibilities

Assessment & Security Validation Leadership

• Oversee teams conducting comprehensive site‑based and remote assessments supporting, vulnerability management, compliance validation, and ad‑hoc inspection needs.

• Ensure detailed assessments of technical and non‑technical controls across cloud, bare‑metal, and OT/ICS systems are aligned to NIST frameworks, Federal guidance, and Cyber Performance Goals.

• Direct tailored test plans.

• Oversee assessments of performance using red‑, blue‑, and purple‑team methodologies.

• Manage automated system and web‑application scanning, phishing assessments, and development of customized plugin policies.

• Enforce clear operational oversight practices—weekly status reports, daily assessment updates, formal kickoffs, and structured out‑briefs.

Remediation Orchestration & Risk Reduction

• Oversee end‑to‑end management of assessment findings—advising system owners on corrective actions and ensuring vulnerabilities are prioritized, fixed, mitigated, or appropriately risk‑accepted (where/when applicable).
• Direct delivery of automated remediation tracking, trend analysis, and documented mitigation strategies.
• Ensure machine‑readable assessment outputs are produced and that CISA‑standard tools, techniques, and procedures.
• Integrate artificial intelligence/machine learning (AI/ML)‑enabled vulnerability discovery and enrichment tools.
• Leverage ML‑driven risk scoring models to support prioritization of remediation actions, incorporating threat intelligence, exploitability indicators, adversary behaviors, and mission impact.
• Implement AI‑assisted analytics to evaluate remediation trends, predict control failures, and provide early warning indicators.
• Employ automated reasoning and natural language processing (NLP) technologies.
• Oversee integration of AI‑powered attack simulation, red‑team automation, and adversary emulation platforms.
• Direct the use of AI‑based anomaly detection and behavior modeling.
• Ensure assessment and remediation workflows are compatible with AI‑enabled orchestration platforms, allowing real‑time synchronization of findings, automated task assignment, and predictive remediation timelines.
• Guide adoption of ML‑assisted configuration baselining and drift detection capabilities that alert teams to deviations from secure architectures and federal benchmarks.
• Promote responsible and compliant use of AI/ML in vulnerability management.

Threat Emulation & Simulation Operations

• Oversee teams that emulate and simulate real‑world threat actors in live and synthetic environments.
• Ensure the creation and operation of realistic, secure, and rapidly reconfigurable emulated network environments for representative cyber‑range experimentation.
• Direct reproduction of adversary behaviors (intelligence‑derived TTPs, open‑source reporting, government-provided data) in test/evaluation environments to improve detection and prevention.
• Oversee red‑ and blue‑team exercises on emulated networks using realistic tools, malware, and tradecraft.
• Ensure adversary behavioral characteristics from emulation activities are collected and transformed into improved analytics, detection logic, and defensive process enhancements.
• Employ ML‑based behavior modeling engines to create adaptive threat actors.
• Use AI‑assisted cyber range orchestration tools to configure, deploy, and reset complex emulated environments, enabling faster test cycles.
• Implement AI/ML analytics to evaluate telemetry captured from emulation and simulation events, identifying defensive blind spots, response gaps, and control weaknesses.
• Leverage machine learning to generate synthetic malware variants, exploit chains, and network behaviors that stress test signature‑based and behavior‑based detection mechanisms.
• Direct the use of autonomous or semi‑autonomous red‑team augmentation tools.
• Incorporate AI‑powered anomaly detection systems into blue‑team exercises to evaluate how effectively defensive tools and analysts.
• Ensure adversary emulation telemetry is transformed into machine‑readable threat intelligence artifacts (e.g., STIX, ATT&CK‑mapped behavioral profiles).

Governance, Reporting & Continuous Improvement

• Maintain continuous communication with system owners and stakeholders.
• Recommend innovative processes and technologies that modernize assessment efficiency and accuracy, enabling scalable methodologies.
• Drive analytic rigor by producing custom testing artifacts and enhancing tooling/processes used across engagements.
• Implement AI‑enabled reporting workflows that automatically transform machine‑readable assessment data into tailored dashboards, executive summaries, and audit‑ready artifacts aligned with federal and CISA reporting standards.
• Employ natural language processing (NLP) tools to analyze assessment narratives, finding trends, common control failures, and opportunities for standardization or process optimization.
• Suggest the integration of AI‑assisted governance tools that predict remediation timelines, estimate risk reduction outcomes, and support decision‑making for prioritizing enterprise‑level mitigation actions.
• Use machine learning to continuously evaluate the effectiveness of assessment methodologies and control validation processes, recommending evidence‑based improvements to increase precision and reduce manual effort.
• Propose the adoption of generative AI tools to prototype new testing artifacts, emulate threat conditions, and accelerate the development of reusable templates that enhance efficiency across teams.
• Ensure responsible, transparent, and auditable use of AI/ML technologies within governance and reporting workflows, aligned with federal AI risk management practices and agency‑specific policies.

Required Qualifications

• Experience overseeing vulnerability management programs and security assessments (cloud, enterprise, OT) for large‑scale federal environments, including penetration testing and SOC evaluation.
• Demonstrated ability to manage remediation workflows, automated tracking, and risk acceptance processes aligned to federal frameworks (e.g., FISMA, NIST) and CISA standards.
• Familiarity with red/blue/purple‑team practices, phishing assessment design, and PoC exploit development to validate controls and detection logic.
• Strong communication and reporting skills (status reports, kickoffs, out‑briefs) with a focus on measurable mission impact.
• 10 years of overall cybersecurity experience with 5 years of management of cybersecurity teams
• Experience integrating AI/ML‑enabled tools into vulnerability discovery, risk scoring, and remediation workflows, including automated analysis pipelines and machine‑readable assessment outputs.
• Demonstrated ability to evaluate and operationalize AI‑assisted threat emulation, automated adversary simulation systems, or model‑driven red‑team augmentation capabilities.
• Familiarity with AI/ML analytics used for detection logic improvement, control effectiveness measurement, and identification of systemic weaknesses across large‑scale enterprise or cloud environments.
• Hands‑on experience using or overseeing AI‑powered reporting and governance workflows, such as automated dashboarding, NLP‑based narrative generation, or predictive remediation analytics.
• Knowledge of federal AI governance and risk management principles (e.g., NIST AI RMF, agency‑specific AI policies) and the ability to ensure responsible, auditable, and compliant use of AI within cybersecurity operations.
• Practical understanding of ML‑driven behavioral analysis, anomaly detection, and adversary behavior modeling tools employed in SOC evaluation, emulation exercises, or continuous monitoring programs.
• Experience managing teams that utilize cyber range automation platforms or AI‑enabled orchestration tools to configure, deploy, and validate secure test environments rapidly and consistently.
• Ability to assess and validate output from AI/ML systems.

Desired Qualifications

• Experience with threat emulation/simulation environments and cyber‑range operations that replicate adversary target spaces.

• Background turning adversary behavior insights into analytics and detection logic enhancements.

• Relevant certifications (e.g., CISSP, OSCP, GPEN, GICSP) and familiarity with CISA Cyber Performance Goals and NIST control baselines.

GDIT IS YOUR PLACE

• 401K: With company match.
• Health & Wellness: Comprehensive health and wellness packages.
• Career Growth: Internal mobility team dedicated to helping you own your career.
• Professional Development: Growth opportunities including paid education and certifications.
• Innovative Tech: Access to cutting-edge technology to stay ahead of the mission.
• Work-Life Balance: Rest and recharge with paid vacation and holidays.