Vulnerability Management; Tenable

Acuative is a global IT solutions provider committed to delivering top-tier managed services, managed solutions, and network infrastructure support. With a client‑first mindset and a relentless drive for excellence, we empower organizations to scale securely and efficiently. Our success is powered by our people – we invest in our employees through continuous on‑the‑job training, mentorship, and assisted learning that helps to grow our teams.

At Acuative, you’ll find a collaborative environment built on professionalism, innovation, and the shared pursuit of achieving high results.

• Architect scanner groups and scan zones to optimize coverage and load balancing.
• Audit and monitor all administrator and user actions.
• Automate tagging, prioritization, and alerting based on rules.
• Continuously monitor new/unscanned assets and ensure onboarding workflows are enforced.
• Correlate findings with threat intelligence and business context.
• Create tailored scan templates based on asset type, criticality, and business impact.
• Deploy 100% vulnerability scan coverage across the asset inventory.
• Deploy, configure, and maintain Tenable platforms (Tenable.io, Tenable.sc, Nessus scanners, and agents).
• Design and execute recurring authenticated/uncredentialed scans across all environments (on‑prem, cloud, OT/IoT).
• Enable multi‑factor authentication and secure access portals.
• Ensure 100% regulatory scan and reporting compliance across all applicable standards.
• Ensure 100% visibility and scanning coverage of assets, including dynamic/ephemeral assets (cloud, containers, remote endpoints).
• Ensure SLAs are tracked for vulnerability resolution by severity class (Critical, High, Medium, Low).
• Follow structured change management for updates, new scan zones, and critical configuration changes.
• Generate and distribute regular compliance reports to stakeholders.
• Integrate Tenable with SIEM, SOAR, CMDB, threat intelligence platforms, and risk scoring engines.
• Integrate Tenable with ticketing platforms (e.g., Service Now) to automate remediation workflows.
• Integrate with CMDB, cloud APIs (AWS, Azure, GCP), threat intelligence, XDR platforms, and endpoint tools for automatic asset synchronization.
• Maintain scanner health, certificate validity, plugin updates, and software versioning.
• Maintain up‑to‑date documentation for scan architecture, configurations, tagging logic, and risk models.
• Manage role‑based access control (RBAC), ensuring least privilege of access as needed.
• Map scan data to regulatory frameworks (e.g., NIST, ISO 27001, NCA).
• Monitor ingestion rates, license usage, and connectivity to internal/external assets.
• Monitor scan success/failure rates, scanner utilization, plugin update status, and data.
• Optimize scan performance, frequency, and scan depth.
• Prioritize remediation based on business risk, asset criticality, and exploitability.
• Re‑scan to validate successful remediation and update ticket status accordingly.
• Retain historical scan data and audit logs in alignment with retention policies.
• Review scan results and validate high‑risk vulnerabilities (CVSS, EPSS, VPR, exploitability).
• Schedule scans to minimize impact on production systems while ensuring compliance.
• Suppress false positives, acknowledge accepted risks, and flag actively exploited vulnerabilities.
• Troubleshoot issues with credentials, agents, scan reachability, and configuration.
• Use APIs and connectors to automate scans, asset syncing, and data transfers.

• Experience:
  
  5 years
• Seniority level:
  Mid‑Senior level
• Employment type:
  
  Contract
• Job function:
  Engineering and Consulting
• Industries: IT Services and IT Consulting