Location: Albany, NY
Category: Administrative
Posted On: Mon Feb 9 2026
Job Description:
Job Description for Associate Director of Vulnerability Management
JOB SUMMARY
The Associate Director of Vulnerability Management is the organization's authoritative owner of the end-to-end Vulnerability Management (VM) program, responsible for architecting, deploying, operationalizing, and continuously maturing a risk-based scanning and remediation ecosystem across NY Creates (NYC) research labs, semiconductor fabrication facilities, hybrid cloud environments, OT/ICS assets, and regulated data systems. This role serves as the hands-on technical lead for the Tenable Security Center / Tenable.io (Nessus) platform suite, driving full lifecycle implementation from initial proof-of-concept and federated deployment to credentialed agent-based scanning, custom policy creation, dashboard orchestration, and integration with SOAR, CMDB, and ticketing workflows. With deep engineering expertise in asset discovery, authenticated scanning, CVE prioritization using CVSS v3.1+ and EPSS, and remediation orchestration, the VM Lead translates raw vulnerability data into prioritized, executive-actionable risk intelligence while enforcing SLAs for patch deployment, exception management, and compliance reporting (NIST 800-171, CMMC 2.0, NY DFS). The incumbent operates with surgical precision in high-assurance environments, automates at scale, mentors junior staff, and partners with IT, DevOps, and Engineering to embed security into the software and hardware lifecycle.
Job Responsibilities include but are not limited to:
Own the full Tenable technology stack: Security Center (on-prem), Tenable.io (cloud), Nessus Professional/Agents, Nessus Network Monitor (NNM), and Tenable.cs (cloud security); perform version upgrades, HA clustering, and disaster recovery testing.
Design and implement authenticated, agent-based scanning architecture covering Windows, Linux, macOS, container runtimes (Docker, Podman), Kubernetes clusters, AWS/AMIs, Azure VMs, and GCP instances.
Build and maintain custom scan policies, compliance benchmarks (CIS, DISA STIG, NIST 800-53), and plugin families tailored to semiconductor R&D tools, clean-room systems, and HPC clusters.
Operationalize asset discovery via active (Nessus) and passive (NNM, PVS) sensors; integrate with CMDB, ITSM, and IPAM for dynamic asset grouping and ownership assignment.
Develop risk-scoring models combining CVSS, EPSS, KEV (CISA Known Exploited Vulnerabilities), threat intel context, and business criticality; automate prioritization via Tenable APIs and SOAR playbooks.
Orchestrate remediation workflows: auto-ticket creation in ServiceNow/Jira, SLA tracking, patch deployment via WSUS, Ansible, Tanium, or SCCM, and validated closure with re-scan.
Lead vulnerability triage war-room sessions with system owners, patch engineers, and application teams; negotiate risk-based exceptions with documented compensating controls.
Produce weekly executive dashboards (Tenable Lumin/Exposure View) and monthly trend reports on MTTR, patch compliance, and risk reduction; support audit evidence for CMMC, NIST 800-171, and insurance renewals.
Integrate VM data into SOAR for automated containment (e.g., isolate unpatched assets via NAC/micro-segmentation) and enrichment with CTI IOCs.
Perform end-to-end VM program maturity assessments; author policies, standards, and procedures aligned to NIST 800-40, CIS Control 7, and MITRE ATT&CK T1595.
Conduct red-team validated scanning exercises; tune out false positives, optimize scan windows, and minimize performance impact on production fab tools.
Train and mentor Tier 1/2 analysts on Nessus agent deployment, scan interpretation, and remediation best practices; develop internal certification path.
Stay ahead of emerging VM technologies (e.g., attack surface management, SBOM integration) and represent NYC in SUNY VM working groups.
Critical thinking to correlate vulnerabilities with active exploits, lateral movement paths, and crown-jewel asset proximity.
Ability to script complex data transformations (Python, PowerShell, SPL) for custom reporting and API-driven automation.
High degree of initiative, dependability, and ability to drive cross-org change with minimal oversight.
Effective oral & written communication skills, including C-level risk briefings, audit defense, and technical policy authorship.
Job Requirements:
Minimum Requirements
Minimum of eight (8) years of progressive cybersecurity experience with at least five (5) years exclusively in enterprise vulnerability management program leadership, Tenable platform ownership, or equivalent roles in regulated research, critical manufacturing, or federal contractor environments (1,000+ assets, hybrid cloud, OT inclusion).
Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related STEM field from an accredited institution; master's degree preferred. Equivalent Tenable Certified Engineer experience or military cyber operations training accepted.
This position is contingent on the satisfactory completion of a background check.
Tenable-specific certifications required:
Tenable Certified Security Center Administrator (TSCA)
Tenable Certified Nessus Expert (TCNE) or Tenable.io Certified Specialist
Tenable Vulnerability Management Certified Professional (TVMCP)
Preferred Requirements
Additional high-value certifications are strongly preferred:
GIAC Certified Vulnerability Assessor (GVAA) or GIAC Security Essentials (GSEC)
Certified Information Systems Security Professional (CISSP)
Knowledge of information security management frameworks such as the NIST Cybersecurity Framework, NIST Special Publication 800-171, or CIS 18 Critical Security Controls.
Don't meet every requirement? At NY Creates we are dedicated to building a welcoming workplace. If you are excited about working for NY Creates but your experience doesn't align perfectly with the job description, we encourage you to apply anyway; you might still be a perfect fit for this role or for another role at NY Creates.
Benefits
Medical, Vision, and Dental
Competitive Pay and PTO
Flexible Health Spending and Dependent Care Accounts
Basic / Optional Life Insurance
Post-Retirement Health Insurance
Employer contribution of 7% of earnings to a Basic Retirement plan after meeting one year of service.
Optional employee contributed retirement account
Location: 257 Fuller Road, Albany, NY 12203
Salary Range: $120,000-$170,000
**Posted salary rates are determined upon experience and education
Additional Information:
NOTE: Some positions require access to export-controlled commodities, technical data, technology, software, or restricted programs where U.S. Government authorization may be required.
For positions requiring such access, offers of employment are contingent upon the employer being able to obtain the necessary authorization, including, if required, an export license from the U.S. Department of Commerce's Bureau of Industry and Security, the U.S. Department of State's Directorate of Defense Trade Controls, or other government agencies. The decision to pursue an export license application is at The Research Foundation for SUNY's sole discretion. Proof of status may be required prior to employment in connection with necessary authorizations.
Employment is with the Research Foundation for SUNY. The Research Foundation is an Equal Opportunity Employer, including individuals with disabilities and protected veterans.
In compliance with the Americans with Disabilities Act (ADA), if you have a disability and require a reasonable accommodation to apply please call Human Resources at 518-437-8686.