
NY Creates · 19 hours ago

Associate Director of Vulnerability Management

NY Creates serves as a bridge for advanced electronics and leads projects that advance R&D in emerging technologies. The Associate Director of Vulnerability Management will oversee the Vulnerability Management program, ensuring effective risk-based scanning and remediation across various environments, while also mentoring junior staff and collaborating with IT and engineering teams.
Non Profit · Semiconductor

Responsibilities

Own the full Tenable technology stack: Security Center (on-prem), Tenable.io (cloud), Nessus Professional/Agents, Nessus Network Monitor (NNM), and Tenable.cs (cloud security); perform version upgrades, HA clustering, and disaster recovery testing
Design and implement authenticated, agent-based scanning architecture covering Windows, Linux, macOS, container runtimes (Docker, Podman), Kubernetes clusters, AWS/AMIs, Azure VMs, and GCP instances
Build and maintain custom scan policies, compliance benchmarks (CIS, DISA STIG, NIST 800-53), and plugin families tailored to semiconductor R&D tools, clean-room systems, and HPC clusters
Operationalize asset discovery via active (Nessus) and passive (NNM, PVS) sensors; integrate with CMDB, ITSM, and IPAM for dynamic asset grouping and ownership assignment
Develop risk-scoring models combining CVSS, EPSS, KEV (CISA Known Exploited Vulnerabilities), threat intel context, and business criticality; automate prioritization via Tenable APIs and SOAR playbooks
Orchestrate remediation workflows: auto-ticket creation in ServiceNow/Jira, SLA tracking, patch deployment via WSUS, Ansible, Tanium, or SCCM, and validated closure with re-scan
Lead vulnerability triage war-room sessions with system owners, patch engineers, and application teams; negotiate risk-based exceptions with documented compensating controls
Produce weekly executive dashboards (Tenable Lumin/Exposure View) and monthly trend reports on MTTR, patch compliance, and risk reduction; support audit evidence for CMMC, NIST 800-171, and insurance renewals
Integrate VM data into SOAR for automated containment (e.g., isolate unpatched assets via NAC/micro-segmentation) and enrichment with CTI IOCs
Perform end-to-end VM program maturity assessments; author policies, standards, and procedures aligned to NIST 800-40, CIS Control 7, and MITRE ATT&CK T1595
Conduct red-team validated scanning exercises; tune out false positives, optimize scan windows, and minimize performance impact on production fab tools
Train and mentor Tier 1/2 analysts on Nessus agent deployment, scan interpretation, and remediation best practices; develop internal certification path
Stay ahead of emerging VM technologies (e.g., attack surface management, SBOM integration) and represent NYC in SUNY VM working groups
Critical thinking to correlate vulnerabilities with active exploits, lateral movement paths, and crown-jewel asset proximity
Ability to script complex data transformations (Python, PowerShell, SPL) for custom reporting and API-driven automation
High degree of initiative, dependability, and ability to drive cross-org change with minimal oversight
Effective oral & written communication skills, including C-level risk briefings, audit defense, and technical policy authorship

Qualification

Vulnerability Management, Tenable Security Center, Risk Intelligence, Cybersecurity Frameworks, Python, PowerShell, Tenable Certifications, Compliance Reporting, Effective Communication, Critical Thinking, Mentoring

Required

Minimum of eight (8) years of progressive cybersecurity experience with at least five (5) years exclusively in enterprise vulnerability management program leadership, Tenable platform ownership, or equivalent roles in regulated research, critical manufacturing, or federal contractor environments (1,000+ assets, hybrid cloud, OT inclusion)
Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related STEM field from an accredited institution; master's degree preferred. Equivalent Tenable Certified Engineer experience or military cyber operations training accepted
Tenable Certified Security Center Administrator (TSCA)
Tenable Certified Nessus Expert (TCNE) or Tenable.io Certified Specialist
Tenable Vulnerability Management Certified Professional (TVMCP)
This position is contingent on the satisfactory completion of a background check

Preferred

Additional high-value certifications are strongly preferred: GIAC Certified Vulnerability Assessor (GVAA) or GIAC Security Essentials (GSEC)
Certified Information Systems Security Professional (CISSP)
Knowledge of information security management frameworks such as the NIST Cybersecurity Framework, NIST Special Publication 800-171, or CIS 18 Critical Security Controls

Benefits

Medical, Vision, and Dental
Competitive Pay and PTO
Flexible Health Spending and Dependent Care Accounts
Basic / Optional Life Insurance
Post-Retirement Health Insurance
Employer contribution of 7% of earnings to a Basic Retirement plan after meeting one year of service.
Optional employee contributed retirement account

Company

NY Creates

NY Creates leads industry-connected innovation and commercialization projects to attract investment and create jobs in high technology.

H1B Sponsorship

NY Creates has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (1)
2024 (2)
2021 (1)
2020 (4)

Funding

Current Stage
Late Stage

Leadership Team

William Bronner, SPHR, SHRM-SCP
Chief Human Resources Officer
Company data provided by crunchbase