Vulnerability and Patch Management Coordinator

Edgewater’s Vulnerability and Patch Management Coordinator supports the discovery, tracking, risk prioritization, and closure verification of software and configuration vulnerabilities across BPA’s Operational Technology environments. The successful candidate executes within the BPA Vulnerability Management Procedure, prioritizes CISA Known Exploited Vulnerabilities (KEVs), manages ChangeGear IRs, coordinates with Resource Managers (RMs), and administers the vulnerability waiver process—producing the weekly/monthly deliverables.  

Deliverables include Weekly technical risk and vulnerability assessments and weekly evaluations/recommendations; Monthly best practice guides focused on vulnerability identification, tracking, KEV handling, waiver hygiene, and evidence sufficiency; Vulnerability source lists, dashboards, and metrics to support continuous improvement. Secret or L clearance needed to be considered. 

• Vulnerability discovery and prioritization 

• Patch program coordination 

• Ticket creation and management  

• KEV administration 

• Verification and closure 

• Reporting and best practices: Deliver weekly technical risk and vulnerability assessments and weekly evaluations/recommendations; Produce monthly best practice guides focused on vulnerability identification, tracking, KEV handling, waiver hygiene, and evidence sufficiency; Maintain vulnerability source lists, dashboards, and metrics to support continuous improvement. 

• 2-5+ years of relevant experience in vulnerability management within government, regulated, or critical infrastructure environments, including: 

• Documenting vulnerability assessments, mitigation plans, and vulnerability-related analysis. 

• Managing vulnerability tickets and evidence through change/CM processes to closure. 

• Working knowledge of: 

• NIST SP 800-53r5 System and Information Integrity; FISMA concepts; NERC CIP context for vulnerability due dates and evidence. 

• CISA KEV catalog, CVE/CVSS, and vulnerability due date management. 

• Tool proficiency: 

• Splunk (Vulnerability Assessment App), Nessus (or equivalent), ChangeGear (or similar ITSM/IR), and CMS baselining; ability to relate RFCs as evidence. 

• Strong coordination, documentation, and stakeholder communication skills. 

• Ability to obtain and maintain DOE/BPA access; complete BPA trainings; maintain network access per cadence requirements. 

Preferred Qualifications: 

• 2–5+ years of vulnerability coordination in OT/ICS, utility/energy, or other highly regulated environments. 

• Experience running waiver processes (eligibility, approvals, expirations) and KEV escalations. 

• Certifications: Security+, CySA+, GSEC, ITIL, Splunk, Tenable/Nessus, or equivalent. 

Deliverables and Measures of Success: 

• Weekly: formally documented technical risk and vulnerability assessments; evaluations and recommendations accepted by COR/FI 

• As needed: mitigation plans for vulnerabilities (when required by procedure) with complete, auditable evidence 

• Monthly: best practice guides focused on vulnerability management 

• Performance metrics: 

• KEV and critical vulnerability timelines met; accurate ticket fields (CVE/CVSS/KEV/due dates) 

• Proper RFC relation and CMS baseline verification prior to closure (CIP/Production); Nessus verification for non-CIP after two scans 

• Timely waiver processing and proactive expiration notifications 

Work Conditions: 

• Primarily onsite at BPA’s Dittmer Control Center; work may align to maintenance windows to minimize operational impact 

• Minimal travel; no foreign travel. Must comply with BPA safety, information protection, and access policies 

About Us:  

Edgewater Federal Solutions is a privately held government contracting firm located near Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services, and timely delivery. Edgewater is ISO 9001, 20000-1, 27001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Small Companies for 2018 through 2025. 

It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, marital status, veteran status, and/or other status protected by applicable law.