Vulnerability Management (Tenable)

About Acuative

Acuative is a global IT solutions provider committed to delivering top-tier managed services, managed solutions, and network infrastructure support. With a client-first mindset and a relentless drive for excellence, we empower organizations to scale securely and efficiently. Our success is powered by our peoplewe invest in our employees through continuous on-the-job training, mentorship, and assisted learning that helps to grow our teams. At Acuative, you'll find a collaborative environment built on professionalism, innovation, and the shared pursuit of achieving high results. Join us and help shape the future of IT.

Responsibilities

Architect scanner groups and scan zones to optimize coverage and load balancing.

o Audit and monitor all administrator and user actions.

o Automate tagging, prioritization, and alerting based on rules.

o Continuously monitor new/unscanned assets and ensure onboarding workflows are enforced.

o Correlate findings with threat intelligence and business context.

o Create tailored scan templates based on asset type, criticality, and business impact.

o Deploy 100% vulnerability scan coverage across the asset inventory.

o Deploy, configure, and maintain Tenable platforms (Tenable.io, Tenable.sc, Nessus scanners,

and agents).

o Design and execute recurring authenticated/uncredentialed scans across all environments (on-prem, cloud, OT/IoT).

o Enable multi-factor authentication and secure access portals.

o Ensure 100% regulatory scan and reporting compliance across all applicable standards.

o Ensure 100% visibility and scanning coverage of assets, including dynamic/ephemeral assets (cloud, containers, remote endpoints).

o Ensure SLAs are tracked for vulnerability resolution by severity class (Critical, High, Medium, Low).

o Follow structured change management for updates, new scan zones, and critical

configuration changes.

o Generate and distribute regular compliance reports to stakeholders.

o Integrate Tenable with SIEM, SOAR, CMDB, threat intelligence platforms, and risk scoring

engines.

o Integrate Tenable with ticketing platforms (e.g., ServiceNow) to automate remediation

workflows.

o Integrate with CMDB, cloud APIs (AWS, Azure, GCP), Threat intelligence, XDR platforms, and endpoint tools for automatic asset synchronization.

o Maintain scanner health, certificate validity, plugin updates, and software versioning.

o Maintain up-to-date documentation for scan architecture, configurations, tagging logic, and risk models.

o Manage role-based access control (RBAC), ensuring least privilege of access as needed.

o Map scan data to regulatory frameworks (e.g., NIST, ISO 27001, NCA).

o Monitor ingestion rates, license usage, and connectivity to internal/external assets.

o Monitor scan success/failure rates, scanner utilization, plugin update status, and data

freshness.

o Optimize scan performance, frequency, and scan depth.

o Prioritize remediation based on business risk, asset criticality, and exploitability.

o Re-scan to validate successful remediation and update ticket status accordingly.

o Retain historical scan data and audit logs in alignment with retention policies.

o Review scan results and validate high-risk vulnerabilities (CVSS, EPSS, VPR, exploitability).

o Schedule scans to minimize impact on production systems while ensuring compliance.

o Suppress false positives, acknowledge accepted risks, and flag actively exploited

vulnerabilities.

o Troubleshoot issues with credentials, agents, scan reachability, and configuration.

o Use APIs and connectors to automate scans, asset syncing, and data transfers.

Requirements:

Experience: 5 years