Vulnerability Management & Remediation Lead

This is a remote position.

The Vulnerability Management & Remediation Lead will support the Texas Education Agency on the Vulnerability Management and Remediation Program. This role is responsible for overseeing the full lifecycle of vulnerability remediation, from inventory and baseline establishment through validation and formal closure. The specialist will coordinate remediation activities across system, server, and application owners while ensuring risk classification and prioritization are consistent with applicable NIST guidance. Reporting and escalation functions are central to this role, requiring clear and consistent communication with agency governance and oversight bodies.

Responsibilities

• Review existing vulnerability data and establish a consolidated vulnerability baseline with an associated remediation timeline reflecting current risk posture and aging.
• Categorize and prioritize vulnerabilities based on risk, severity, exploitability, and potential impact to agency operations.
• Validate that remediation timeframes are consistent with agency-established expectations for each vulnerability risk level.
• Coordinate remediation activities with system, server, and application owners across the agency.
• Communicate remediation expectations, risk context, and required timelines clearly to all responsible parties.
• Track remediation progress and identify blockers, dependencies, or delays impacting closure.
• Escalate overdue, high-risk, or critical vulnerabilities to appropriate agency governance or oversight bodies in accordance with established processes.
• Produce periodic status reports summarizing vulnerability remediation status and metrics.
• Validate remediation actions through available evidence, including vulnerability scan results and supporting artifacts, and confirm formal closure in tracking systems.
• Identify process gaps or systemic issues and provide recommendations for improving vulnerability remediation processes consistent with NIST standards and agency governance requirements.

Requirements

Minimum Qualifications

• 8 years of experience in vulnerability inventory and baseline establishment.
• 8 years of experience in risk classification and prioritization.
• 8 years of experience tracking vulnerability remediation activities.
• 8 years of experience producing status reports related to vulnerability management.
• 8 years of experience validating remediation actions through available evidence, including vulnerability scan results.

Preferred Qualifications

• Familiarity with NIST vulnerability management standards and frameworks.
• Experience working within state or public sector agency environments.
• Demonstrated ability to escalate and communicate risk findings to governance and oversight bodies.

Additional Requirements

• Candidates who do not meet or exceed the minimum stated requirements may not be selected for this opportunity.
• Any travel, per diem, parking, and/or living expenses are the responsibility of the candidate.
• Pre-approved travel expenses must comply with State of Texas travel rules, including requirements for original receipts.
• The candidate may be required to work outside normal business hours, including evenings, weekends, and holidays, as requested and pre-approved by the Texas Education Agency.
• Work performed beyond 40 hours per week must be coordinated and pre-approved by the Texas Education Agency.

Work Location and Schedule

Location: 100% Remote — within the United States