Manager, Vulnerability Assessment

Location: FL Pensacola - GPO
Full/Part Time: Full-Time
Regular/Temporary: Regular

Job Description

Employee Perks

Why You Will Love Being Part of the Navy Federal Team:

*Competitive compensation with opportunities for annual raises, promotions, and bonus potential
*Best-in-Class Benefits! (7% 401k match / Pension plan / Tuition reimbursement / Great insurance options)
*On-site amenities include fitness center, wellness center, cafeteria, etc. at Pensacola, FL; Vienna, VA and Winchester, VA campuses
*Consistently Awarded Top Workplace
*Nationally recognized training department by TRAINING Magazine
*An employee-focused, diverse, and service-oriented workplace environment

Basic Purpose

This position is responsible for the Vulnerability Assessment program within the Navy Federal Cybersecurity Operations Center (CSOC). The Manager will work closely with the Cybersecurity leadership to shape the strategic vision for and continuously develop and mature the program. The Manager oversees a team of cybersecurity analysts responsible for identifying, assessing, reporting, and validating the remediation of vulnerabilities affecting Navy Federal’s IT systems. The Manager will work closely with additional teams of cybersecurity analysts and engineers to protect Navy Federal’s brand, data, and IT assets from cyber-based threats.


• Develop and mature a growing vulnerability assessment program consisting of a small team of cybersecurity analysts.
• Apply demonstrated practical and management experience towards the optimization of processes and tools for vulnerability assessment to include asset discovery, automated scanning, manual assessment, false positive verification, remediation validation, and responsible disclosure.
• Identify areas of cyber risk and provide oversight, analysis, and risk-informed expert advice and recommendations.
• Provide guidance to application and system owners on vulnerability remediation requirements.
• Regularly conduct vulnerability and attack surface research for purposes of informing the CSOC’s overall computer network defense mission.
• Execute ad-hoc/priority tracking of enterprise vulnerability assessment activities across the organization.
• Provide reporting to appropriate leaders and decision makers on outstanding vulnerabilities and remediation tasks as needed to include timely and relevant updates.
• Manage third-party contracts and engagements.
• Collaborate with industry partners and internal lines of business to discover and evaluate vulnerabilities.
• Escalate issues to management in a timely manner with appropriate information regarding risk and impact.
• Develop and establish operational metrics and reporting based on Key Performance Indicators (KPIs).
• Manage personnel to include establishing KSAs (Knowledge, Skills, Abilities), performance management and professional development, and provide leadership, guidance, and technical expertise.
• Provide external audit evidence/support and assure compliance to required standards, procedures, guidelines and processes.
• Execute ad-hoc tasks or lead small projects as needed.



• Understanding of vulnerability assessment methodologies and maturity models.
• Ability to maintain a deep understanding of current threats, vulnerabilities, attacks, countermeasures, and how to respond effectively to them.
• Experience using and evaluating enterprise-level vulnerability management solutions and assessment tools.
• Experience with common penetration testing and vulnerability assessment tools (e.g., nmap, Wireshark, Nessus, NeXpose, Kali, Metasploit, AppScan, WebInspect, Burp Suite Professional, Acunetix, etc.).
• Familiarity with controls and control frameworks (e.g. NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, OWASP, ISO, COBIT, etc.).
• Understanding of CVSS, CVE, CWE, CPE, CCE, OVAL, SCAP and other related standards.
• Must be process and execution oriented with strong desire for continuous improvement.
• Excellent verbal and written communication skills to include the ability to convey technical details in a clear and understandable manner to both technical and non-technical audiences.
• Strong deductive reasoning, problem solving, and critical thinking abilities.
• Previous supervisory or management experience over a technical team.
• The ability to foster teamwork and collaboration across operational teams.
• Strong leadership qualities to include the ability to team-build, lead, mentor, and motivate others.
• Strong planning and organizational skills for the purposes of prioritizing initiatives and achieving goals.


• Knowledge of AWS and Azure Cloud configurations and how to secure them.
• Knowledge of virtualization configurations (to include those for containerization) and how to secure them.
• Experience with Red Team/penetration testing methodologies for networks, web-based applications, APIs, and mobile apps.
• Knowledge of MITRE ATT&CK frameworks.
• Relevant security certifications (e.g., GPEN, OSCP, CISA, CISM, CEH, etc.).
• Prior experience working in financial services or another highly regulated sector.
• Experience managing a geographically dispersed workforce.
• Previous experience building out an operational capability, preferably within a cyber-related function.

Pensacola, FL or Vienna, VA (occasional travel between these locations is required)

Monday-Friday, 8:00AM-4:30PM

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability


Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.