ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Vulnerability Assessment Manager who has experience operating and maintaining enterprise vulnerability scanning solutions for identifying vulnerabilities across all IP addressable devices every three days in the federal market. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.


The Vulnerability Assessment Manager will be responsible for evaluating an organization’s existing Vulnerability Management program and making recommendations in accordance with best practices. This person will evaluate the existing technologies used and recommend additional scanning solutions based on the types of data and enterprise technologies existing within the infrastructure. The manager will also work closely with operations to evaluate the inventory and build scan schedules based on system priority and network performance. The Vulnerability Assessment Manager will need to be familiar with the methodologies and tools used for CDM capabilities such as McAfee, IBM IEM (BigFix), TripWire IP360, Tenable Nessus, RSA Archer, ServiceNow, and others. The candidate will work closely with CDM solution architects, testers, training teams and the Agency to ensure successful operations and maintenance of VUL capabilities.

Roles and Responsibilities

  • Evaluate the current vulnerability management program in place at a major federal Agency
  • Develop recommendations for improving vulnerability management program to include tools used to evaluate vulnerabilities
  • Build strategic plan for maturing vulnerability management program while maintaining compliance with CDM VUL requirements
  • Build scan schedules for enterprise systems based on system priority and technology platform
  • Provide technical support for the Tenable Nessus scanning solution, including executing scans, performing daily administration support, and maintaining version status for all deployed products
  • Escalate technical issues to the engineering team and OEM vendor as needed
  • Provide support in the capture of CVE enumeration and reporting to the CDM dashboard of vulnerability status across the enterprise
  • Provide guidance and direction to Government customers using best practice software deployment strategies using existing tools like SCCM
  • Balance network scanning schedules with the mission impact and network performance across the enterprise
  • Create technical documents, drawings, how-to guides and other deliverables
  • Adhere to security best practices and comply with government standards
  • Analyze mission requirements and make recommendations
  • Communicate and present recommendations to senior engineers or managers in written and oral format
  • Maintain knowledge of security regulations, best practices, countermeasures, compliance standards, and current threats

Required Skills

  • Prior experience, preferably 2+ years on a Cyber security project using tools such as Tenable Nessus, Rapid7, Retina, McAfee ePO, Policy Auditor, Application Control, ServiceNow, TripWire IP360, RSA Archer
  • Ability to identify scanning tools appropriate for the technology being evaluated for vulnerabilities (OS, web applications, databases, network devices, etc.)
  • Exceptional customer focus and bias for action
  • Candidates must have excellent oral and written communication skills
  • Ability to manage multiple tasks and projects in a fast-moving environment
  • Experience managing personnel and/or leading teams of subordinates

Desired Skills

  • Prior CDM experience preferred, but not required

Education Requirement

  • Bachelor’s degree preferred

Years of Experience Requirement

  • 3 years of overall IT or Cyber experience
  • 3+ years of experience with vulnerability assessments using multiple technologies

Certification Requirement

  • CISSP Certification preferred, but not required
  • CEH or appropriate vulnerability scanning certification preferred, but not required


  • Reston, VA OR Ballston, VA (exact split of time between each location is dependent on candidate preference and priority of tasks)

Security Clearance

  • Candidate must be able to obtain a Public Trust Clearance

Sound like the job for you?

Send us a link to your resumé or portfolio to become part of our talent pool.
