Vulnerability Management Analyst

This is a fully remote position, open to applicants in United States.

📋 Description

• Lead and oversee comprehensive vulnerability disclosure programs (VDP), ensuring effective collaboration with ethical hackers, system administrators, and agency stakeholders.

• Take ownership of attack surface management initiatives (e.g., CISA FAST), which includes scheduling, scope management, coordination of findings, and documentation of Plans of Action and Milestones (POA&M).

• Administer and refine Standard Operating Procedures (SOPs), maintain SharePoint repositories, and manage program tracking documentation.

• Operate and sustain enterprise-level vulnerability scanning platforms such as Tenable.sc, Tenable.io, and tools for web application scanning.

• Define the scope, schedule, execute, and report on vulnerability scans within extensive and complex federal environments.

• Monitor and facilitate the remediation process for critical, high, and all tiers of vulnerabilities to ensure closure within program Service Level Agreements (SLAs).

• Establish and nurture professional relationships with CISA contacts, agency system owners, Security Operations Center (SOC) personnel, and contractor teams.

⛳️ Requirements

• A minimum of 3 years of hands-on experience in vulnerability management within a federal agency setting.

• Proven track record of program ownership in VDP, attack surface management, or similar independently managed initiatives.

• Expertise in using Tenable.sc and/or Tenable.io, including scan configuration, report generation, and management of false positives.

• Familiarity with CISA programs (VDP, FAST, BOD compliance) or comparable federal cybersecurity efforts.

• Practical understanding of ServiceNow or similar IT Service Management (ITSM) platforms for ticket management.

• Capability to produce clear, precise SOPs, POA&Ms, and documentation intended for stakeholders.

• A Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or relevant practical experience.

• Active security clearance or the eligibility to obtain one is preferred.

🏝️ Benefits

• Health, Dental, and Vision Insurance

• PTO

• 401(k)

• Remote work flexibility

• Exposure to high-impact federal cybersecurity programs

• Direct access to firm leadership and opportunities for career development