Cyber Vulnerability Management Analyst

Type of Requisition:

Clearance Level Must Currently Possess:

Clearance Level Must Be Able to Obtain:

Public Trust/Other Required:

Job Family:

Job Qualifications:

Skills:

Certifications:

Experience:

US Citizenship Required:

Job Description:

Seize your opportunity to make a personal impact as a Cyber Vulnerability Management Analyst to support a federal customer’s enterprise cybersecurity program. The analyst will play a critical role in operating and enhancing the Vulnerability Management (VM) lifecycle by analysing vulnerability scan data, validating findings, prioritizing risk, and coordinating remediation activities across complex enterprise environments.

This position requires hands-on experience with enterprise vulnerability scanning tools, strong cyber data analytics skills, and the ability to communicate technical risk clearly to system owners, engineers, and cybersecurity leadership.

*Candidates must be able to travel to customer location to obtain badging and fingerprinting prior to starting*

*Candidate must have resided in the US in the past 3 of 5 years*

Responsibilities:

• Analyze raw vulnerability scan results and provide clear, actionable findings to system owners and stakeholders
• Validate vulnerabilities, identify false positives, and confirm technical risk and exploitability
• Provide practical remediation guidance aligned with system architecture and operational constraints
• Track vulnerability remediation status and support risk-based prioritization
• Works closely with the risk management and other teams to determine system risks based upon vulnerability results and ensure compensating and/or mitigating controls are in place.
• Operate and support vulnerability scanning tools across multiple platforms, including Tenable Security Center, Tenable.io, Nessus Manager, Nessus Network Monitor, NetSparker/Invicti Enterprise, CodeDX, Coverty, Black Duck, Seeker, and Guardium Database Scanner.
• Has a Solid understanding of networking concepts, including TCP/IP, DNS, DHCP, VPN, and firewalls from a security perspective.
• Develop and adhere to Standard Operating Procedures (SOP).
• Comfortable with interfacing the customer, cross-functional teams and application owners on vulnerability metrics and findings.
• Adhere to Service Level Agreements (SLA) for service request support.
• Mentor and train team members & program successors.
• Participates in special projects, as needed.
• Works with Program and Project management throughout the period of performance.
• Supports technical problems that occur and on-call support for non-business hours.
• Provide Weekly and on-demand Status Reports on work performed.

Required Skills:

• 4+ years of cybersecurity experience, with a strong focus on vulnerability management and security operations
• 3+ years Hands-on experience with enterprise vulnerability scanning tools (Tenable, Nessus, Invicti, etc.)
• Strong cyber data analytics skills and experience developing dashboards and reports
• Knowledge of current vulnerability trends, exploits, and threat intelligence
• Experience working in afederal IT or regulated environment
• Ability to manage multiple priorities and work independently with minimal supervision
• Strong collaboration and teamwork skills
• Strong cyber data analytics skills and experience developing dashboards and reports (Excel, Pivot Tables, charts, graphs, Power BI or other tools)
• Must be able to obtain a Public Trust and successfully pass a thorough government background screening process (forms/fingerprinting).

Desired Skills:

• Preference to candidates local to the DMV Area.
• Experience with MS Office suite (Word, Excel, PP, Visio, SharePoint, etc.)
• Experience with NIST, FISMA, and federal cybersecurity policy requirements.
• Experience with any HHS agencies or entities (CMS, HRSA, NIH, etc.)
• Demonstrated strong technical skills and analytic abilities, as well as experience performing system security analysis and risk management.
• Demonstrated experience performing complex technical tasks with minimal direction.
• Possesses experience with communicating potentials risks to stakeholders.
• Possess a broad knowledge of security best practices, policies and guidance.

Scheduled Weekly Hours:

Travel Required:

Telecommuting Options:

Work Location:

Additional Work Locations:

Total Rewards at GDIT:

gdit.com/tc.