Vulnerability Management and Remediation Coordination Lead
Locations: Remote, Remote, United States
Type: Contract
Published: April 23, 2026
Contact: Matthew Davie
Ref: 20495

Job title: Vulnerability Management and Remediation Coordination Lead

Job type: Contract

Contract Length: Through end of August 2026 (~560 hours total)

Rate: $70 – $80 per hour (W2)

Role Location: 100% Remote (United States)

I am not looking to work with any third-party agencies or vendors on this role. Seriously guys, please don't call me. Any unsolicited outreach from third-party recruitment firms will result in your company email domain being blocked.

The company:

A US public sector client. They have engaged us to run the coordination layer of their vulnerability remediation programme for a defined engagement ending in August 2026.

Role and Responsibilities:

You will own the end-to-end coordination of vulnerability remediation across the agency — from pulling together the current vulnerability picture, through prioritising what matters, through working with system, server, and application owners to actually get things fixed, through evidence-backed closure. The role is NIST-aligned and sits at the intersection of security operations and engineering accountability.

  • Review existing vulnerability data from scans, assessments, and other security tools, and establish a consolidated baseline
  • Document a remediation timeline that reflects current risk posture and aging across the estate
  • Categorise and prioritise vulnerabilities by risk, severity, exploitability, and potential operational impact — aligned to NIST guidance
  • Validate that remediation timeframes match the agency's expectations for each risk level
  • Coordinate remediation with system, server, and application owners — communicating expectations, risk context, and timelines clearly
  • Track remediation progress and surface blockers, dependencies, and delays early
  • Escalate overdue, high-risk, or critical vulnerabilities to the appropriate governance or oversight bodies
  • Produce periodic status reports summarising remediation progress and outstanding risk
  • Validate remediation actions through available evidence — scan results and other supporting artifacts — and confirm closure in tracking systems
  • Where a vulnerability cannot be remediated within the required timeframe, document it formally with approved risk acceptance or exception paperwork
  • Identify process gaps, systemic issues, and control weaknesses, and recommend improvements aligned with NIST standards and agency governance

Job Requirements:

  • 8+ years building vulnerability inventories and establishing consolidated baselines across a large estate
  • 8+ years running risk classification and prioritisation aligned to NIST guidance
  • 8+ years tracking vulnerability remediation end-to-end, including coordination with system and application owners
  • 8+ years producing executive-ready status reports on remediation progress and outstanding risk
  • Demonstrated track record validating remediation actions through scan evidence and other supporting artifacts

Interview Process:

Two-stage interview process.

Please note we are unable to offer employer sponsorship for this role.

Accessibility Statement:

We make an active choice to be inclusive towards everyone every day. Please let us know if you require any accessibility adjustments through the application or interview process.

Our Commitment to Diversity, Equity, and Inclusion:

Signify's mission is to empower every person, regardless of their background or circumstances, with an equitable chance to achieve the careers they deserve. Building a diverse future, one placement at a time.

Check out our DE&I page here: https://www.signifytechnology.com/diversity-and-inclusion/
