
Associate Director of Vulnerability Management

Job in Albany, Albany County, New York, 12237, USA
Listing for: NY CREATES
Full Time position
Listed on 2026-03-04
Job specializations:
  • IT/Tech
    Cybersecurity
Job Description & How to Apply Below

About NY Creates:

NY Creates serves as a bridge for advanced electronics, leads projects that advance R&D in emerging technologies, and generates the jobs of tomorrow. NY Creates also runs some of the most advanced facilities in the world, boasts more than 3,000 industry experts and faculty, and manages public and private investments of more than $25 billion, placing it at the global epicenter of high-tech innovation and commercialization.


Job Description:

Job Description for Associate Director of Vulnerability Management

JOB SUMMARY

The Associate Director of Vulnerability Management is the organization's authoritative owner of the end-to-end Vulnerability Management (VM) program, responsible for architecting, deploying, operationalizing, and continuously maturing a risk-based scanning and remediation ecosystem across NY Creates (NYC) research labs, semiconductor fabrication facilities, hybrid cloud environments, OT/ICS assets, and regulated data systems. This role serves as the hands-on technical lead for the Tenable Security Center / Tenable.io (Nessus) platform suite, driving full lifecycle implementation from initial proof-of-concept and federated deployment to credentialed agent-based scanning, custom policy creation, dashboard orchestration, and integration with SOAR, CMDB, and ticketing workflows. With deep engineering expertise in asset discovery, authenticated scanning, CVE prioritization using CVSS v3.1+ and EPSS, and remediation orchestration, the VM Lead translates raw vulnerability data into prioritized, executive-actionable risk intelligence while enforcing SLAs for patch deployment, exception management, and compliance reporting (NIST 800-171, CMMC 2.0, NY DFS).

The incumbent operates with surgical precision in high-assurance environments, automates at scale, mentors junior staff, and partners with IT, DevOps, and Engineering to embed security into the software and hardware lifecycle.

Job Responsibilities include but are not limited to:

  • Own the full Tenable technology stack: Security Center (on-prem), Tenable.io (cloud), Nessus Professional/Agents, Nessus Network Monitor (NNM), and Tenable.cs (cloud security); perform version upgrades, HA clustering, and disaster recovery testing.
  • Design and implement authenticated, agent-based scanning architecture covering Windows, Linux, macOS, container runtimes (Docker, Podman), Kubernetes clusters, AWS/AMIs, Azure VMs, and GCP instances.
  • Build and maintain custom scan policies, compliance benchmarks (CIS, DISA STIG, NIST 800-53), and plugin families tailored to semiconductor R&D tools, clean-room systems, and HPC clusters.
  • Operationalize asset discovery via active (Nessus) and passive (NNM, PVS) sensors; integrate with CMDB, ITSM, and IPAM for dynamic asset grouping and ownership assignment.
  • Develop risk-scoring models combining CVSS, EPSS, KEV (CISA Known Exploited Vulnerabilities), threat intel context, and business criticality; automate prioritization via Tenable APIs and SOAR playbooks.
  • Orchestrate remediation workflows: auto-ticket creation in ServiceNow/Jira, SLA tracking, patch deployment via WSUS, Ansible, Tanium, or SCCM, and validated closure with re-scan.
  • Lead vulnerability triage war-room sessions with system owners, patch engineers, and application teams; negotiate risk-based exceptions with documented compensating controls.
  • Produce weekly executive dashboards (Tenable Lumin/Exposure View) and monthly trend reports on MTTR, patch compliance, and risk reduction; support audit evidence for CMMC, NIST 800-171, and insurance renewals.
  • Integrate VM data into SOAR for automated containment (e.g., isolate unpatched assets via NAC/micro-segmentation) and enrichment with CTI IOCs.
  • Perform end-to-end VM program maturity assessments; author policies, standards, and procedures aligned to NIST 800-40, CIS Control 7, and MITRE ATT&CK T1595.
  • Conduct red-team validated scanning exercises; tune out false positives, optimize scan windows, and minimize performance impact on production fab tools.
  • Train and mentor Tier 1/2 analysts on Nessus agent deployment, scan interpretation, and remediation best practices; develop internal certification path.
  • Stay ahead of emerging VM technologies (e.g., attack surface management, SBOM integration) and represent NYC in SUNY VM working groups.
  • Critical thinking to correlate vulnerabilities with active exploits, lateral movement paths, and crown-jewel asset proximity.
  • Ability to script complex data transformations (Python, PowerShell, SPL) for custom reporting and API-driven automation.
  • High degree of initiative, dependability, and ability to drive cross-org change with minimal oversight.
  • Effective oral & written communication skills, including C-level risk briefings, audit defense, and technical policy authorship.


Requirements:

Minimum Requirements

  • Minimum of eight (8) years of progressive cybersecurity experience with at least five (5) years exclusively in enterprise vulnerability management program leadership, Tenable platform ownership, or…
Position Requirements
10+ Years work experience