• Manage Plan of Action & Milestones (POA&Ms) lifecycle including creation, tracking, risk adjustment justification, and deviation requests in coordination with 3PAO assessors and federal stakeholders • Collect, organize, and maintain security control evidence and artifacts for monthly continuous monitoring deliverables and assessment/authorization activities, ensuring alignment with FedRAMP, HITRUST, PCI, and similar frameworks • Maintain accurate system inventory and authorization boundary documentation to ensure scanning scope aligns with approved system boundaries • Analyze scan results for false positives, document justifications, and prepare deviation requests with supporting risk assessments • Translate technical vulnerability findings into risk-based language for federal clients and authorization officials, presenting monthly status briefings as needed • Collaborate with development, SRE, and infrastructure teams to integrate vulnerability management into CI/CD pipelines, cloud environments (AWS, Azure, GCP), and container/Kubernetes platforms • Participate in change management processes to ensure continuous monitoring activities align with system changes and maintain compliance posture • Support and maintain enterprise vulnerability management tools (such as Tenable, Nessus, Burp, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender), ensuring timely updates and patches • Run regular and on-demand scans across operating systems, databases, web applications, and containers, then work with technical teams to create tickets for remediation • Track and document vendor dependencies, operational requirements, and open vulnerabilities, producing clear monthly reports and updates for clients • Contribute to improving internal standards and processes, including maintaining documentation, training materials, and standard operating procedures