
Cyber Security Analyst III – Vulnerability Management
Posted Jun 20

This is a fully remote position, open to applicants in the United States.
• Conduct vulnerability scans across servers, endpoints, network devices, and cloud environments utilizing approved tools (e.g., Tenable, Nessus).
• Enhance scanning configurations, schedules, and coverage for improved program efficiency.
• Analyze and interpret scan results to verify findings, identify false positives, and prioritize vulnerabilities according to risk severity, exploitability, and asset criticality.
• Provide well-justified risk-based recommendations to system owners and program leadership.
• Collaborate with system owners, administrators, and stakeholders to facilitate prompt remediation or mitigation of vulnerabilities.
• Document and monitor remediation progress through POA&Ms, ticketing systems, or enterprise GRC platforms.
• Engage in and contribute to risk assessments by assessing the potential impact of unaddressed vulnerabilities, recommending compensating controls, and thoroughly documenting findings for stakeholder and leadership review.
• Assist in and contribute to continuous monitoring reporting by maintaining vulnerability metrics, trend analyses, and risk summaries for leadership evaluation.
• Perform and participate in assurance activities to validate vulnerability scan coverage, tool configuration, and data quality.
• Assess patch management effectiveness and identify shortcomings in remediation processes.
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related discipline.
• Over 5 years of experience in vulnerability management, system security, or security operations, or a comparable combination of education, experience, and training.
• Capability to pass a background and drug screening.
• Must possess identification compliant with the Real ID Act at the time of hire.
• Must be eligible to obtain a Department of Energy access badge.
• Experience in integrating vulnerability scan data with GRC or POA&M tracking systems (e.g., eMASS, RegScale, ServiceNow GRC, or similar) is preferred.
• Familiarity with CISA directives, STIGs, and federal vulnerability reporting standards is preferred.
• Knowledge of cloud vulnerability management, including AWS, Azure, or hybrid environments, is preferred.
• Exposure to threat intelligence correlation or risk-based vulnerability prioritization methods is preferred.
• Relevant certifications such as Security+, CySA+, CEH, CGRC (CAP), or Tenable Certified Practitioner are preferred.
• Paid holidays.
• Paid time off.
• 401k with employer match.
• Dental coverage.
• Vision coverage.
• Health insurance plans through the Federal Employee Health Benefits (FEHB) program.
• Life and disability benefits.