Role: Vulnerability Management Engineer
Location: Onsite, Fairfax, VA (3 days per week) and Washington, DC (2 days per week)
Duration: Long-term contract
Position requires a Secret clearance
Job Description:
The Vulnerability Management Engineer position supports vulnerability identification, analysis, remediation coordination, and compliance reporting for Federal systems. The role requires strong knowledge of federal cybersecurity frameworks, including NIST SP 800-53, the NIST SP 800-37 Risk Management Framework (RMF), FISMA, FedRAMP, and DoD-specific controls. The Engineer will work with ISSOs, system owners, security architects, and engineering teams to ensure continuous visibility into, and reduction of, security risks across mission-critical environments. This role requires expertise in vulnerability scanning, assessment, automation, remediation tracking, and communicating risk to both technical and non-technical federal stakeholders.
Primary Responsibilities:
- Plan, schedule, and execute vulnerability scans on federal systems using tools such as Tenable Nessus and Qualys.
- Analyze scan results, validate findings, eliminate false positives, and prioritize remediation based on criticality, exploitability, and federal impact levels.
- Support vulnerability discovery across cloud, on-premises, hybrid, and containerized environments.
- Ensure vulnerability management activities align with the NIST RMF, NIST SP 800-53, DoD STIGs, FedRAMP, and agency-specific guidelines.
- Contribute to the creation, maintenance, and tracking of POA&Ms, ensuring compliance with federal deadlines and reporting requirements.
- Collaborate with ISSOs and system owners to support Security Control Assessments (SCAs) and audits.
- Work closely with system administrators, developers, network engineers, and cloud teams to drive timely remediation of vulnerabilities.
- Prepare compliance reports for federal leadership, auditors, ISSOs, and system owners.
- All other duties as assigned by management.
Skills and Qualifications:
- Bachelor's degree in Computer Science or a related field
- 8+ years in cybersecurity and the Risk Management Framework
- Experience with vulnerability scanning tools (Nessus or Qualys)
- Experience performing risk assessments for Federal systems in AWS GovCloud
- Experience supporting FedRAMP High/Moderate systems
- Knowledge of Java, Python, HTML, SQL, CSS, and cloud computing
- Excellent communication and management skills.
Certifications Required:
- Certified Information Systems Security Professional (CISSP)
- CompTIA Security+
Security Clearance Requirements:
- Must have an active DoD Secret clearance.
Work Location:
- 3 days per week in Fairfax, VA, and 2 days per week in Washington, DC