Overview
Remote
On Site
65/hr - 67.24/hr
Full Time
Skills
SaaS
Workflow
Policies and Procedures
Risk Management
Kubernetes
Collaboration
Software Engineering
DevOps
Forms
Vulnerability Management
Service Level
Cloud Computing
Qualys
JIRA
FedRAMP
Auditing
Regulatory Compliance
Job Details
Leader in their industry, our exciting global SaaS construction platform client seeks a contract Vulnerability Management Analyst. This is a fully remote role. Must be currently living in the USA.
The FedRAMP Vulnerability Management Analyst is a contract role focused on reviewing vulnerability deviation requests and working directly with engineering and development teams to ensure timely remediation or formal approval of exceptions within a FedRAMP authorized SaaS environment. The analyst keeps the exception workflow moving by validating requests, guiding teams on compensating controls, and updating program artifacts while maturing policies and procedures that support continuous compliance.
Contract Duration: 6-Months
Required Skills & Experience
Desired Skills & Experience
What You Will Be Doing
Daily Responsibilities
The FedRAMP Vulnerability Management Analyst is a contract role focused on reviewing vulnerability deviation requests and working directly with engineering and development teams to ensure timely remediation or formal approval of exceptions within a FedRAMP authorized SaaS environment. The analyst keeps the exception workflow moving by validating requests, guiding teams on compensating controls, and updating program artifacts while maturing policies and procedures that support continuous compliance.
Contract Duration: 6-Months
Required Skills & Experience
- At least three years in vulnerability or risk management.
- Experience with container and cloud environments such as EKS, ECS, or Kubernetes is beneficial.
Desired Skills & Experience
- Prior coordination with software engineering or DevOps teams on vulnerability remediation is strongly preferred.
What You Will Be Doing
Daily Responsibilities
- Receive and evaluate deviation and risk acceptance requests; confirm CVSS scores, affected assets, and proposed compensating controls.
- Meet with engineers and developers to understand technical constraints, agree on remediation timelines, and document alternative solutions that satisfy FedRAMP Moderate or High requirements.
- Draft or refine risk acceptance forms and POA&M entries; shepherd each request through security, compliance, and Authorizing Official approval.
- Maintain an up to date exception register with owners, due dates, and re validation checkpoints; remind stakeholders as deadlines approach.
- Update vulnerability management runbooks, service level agreements, and playbooks to reflect the approved deviation handling process and any new tooling integrations.
- Help integrate scanners or ticketing systems such as Prisma Cloud, Tenable, Qualys, and Jira so deviation status is captured and tracked automatically.
- Advise engineering teams on FedRAMP control requirements, acceptable compensating controls, and best practices for patching or mitigating findings.
- Support audits by supplying requested evidence and context prepared by the compliance team.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.