Vulnerability Management Analyst

Overview

Full Time

Skills

Security Analysis
Government Contracts
Vulnerability Scanning
System Administration
Cloud Computing
Dashboard
Leadership
Incident Management
Security Clearance
Information Technology
Vulnerability Management
System Security
Nessus
Risk Management Framework
RMF
Continuous Monitoring
STIG
SIEM
Log Analysis
Cloud Security
Amazon Web Services
Scripting
Python
Windows PowerShell
Data Extraction
Enterprise Asset Management
Configuration Management Database
Security+
Certified Ethical Hacker
DoD
Cyber Security
Analytical Skill
Communication
Attention To Detail
Management
Documentation
Reporting
Regulatory Compliance
Workflow
Legal
Authorization

Job Details

Overview

DecisionPoint seeks a Vulnerability Management Analyst to support enterprise cybersecurity operations across a federal and DoD-aligned mission environment. This role conducts vulnerability scanning, patch verification, security analysis, prioritization of findings, mitigation tracking, and updates to Plan of Action and Milestones (POA&Ms). The analyst will help ensure systems remain compliant with DoD and federal cybersecurity controls by continuously identifying, validating, and monitoring vulnerabilities across cloud and on-premise environments.

The Vulnerability Management Analyst plays a key role in enhancing the security posture of mission systems by providing actionable insights, collaborating with engineering teams, and maintaining visibility into risk trends and remediation progress.

This position is fully remote.

Note: By applying to this position, you acknowledge and consent to having your resume included in an active competitive government contract bid.

Duties & Responsibilities

The Vulnerability Management Analyst will:

  • Conduct ACAS vulnerability scans across enterprise systems, applications, and cloud workloads.
  • Validate vulnerability scan results, confirm patch levels, and verify remediation status across environments.
  • Analyze vulnerabilities for exploitability, potential impact, and relevance to mission systems.
  • Prioritize vulnerabilities based on severity, risk scoring, operational context, and DoD guidance.
  • Coordinate with engineering, system administration, and cloud teams on mitigation steps and remediation timelines.
  • Update, track, and maintain POA&Ms with accurate vulnerability details and milestone progress.
  • Provide vulnerability summaries, dashboards, and reporting to cybersecurity leadership and government stakeholders.
  • Support continuous monitoring activities and reporting cycles in accordance with DoD RMF requirements.
  • Validate STIG-related findings and support configuration compliance checks.
  • Maintain ACAS scanning schedules, asset coverage, and scan completeness across environments.
  • Contribute to incident response efforts when vulnerabilities are linked to active threats.
  • Document vulnerability processes, scanning standards, and remediation workflows.


Qualifications

Clearance Requirement

Must hold an active Top Secret clearance, supported by a Tier 5 background investigation.

Education (Required)

Bachelor's degree in Cybersecurity, Information Technology, or a related field.

Experience (Required)

  • Minimum 5 years of experience in vulnerability management, cybersecurity operations, or system security analysis.
  • Experience running ACAS/Nessus scans and validating vulnerability data.
  • Experience analyzing vulnerabilities, prioritizing risk, and coordinating remediation with technical teams.
  • Experience updating POA&Ms, tracking mitigation progress, and supporting RMF continuous monitoring.
  • Experience performing patch verification and configuration-compliance checks.


Technical Knowledge (Required)

  • Proficiency with ACAS and Nessus scanning tools.
  • Knowledge of vulnerability scoring (CVSS), exploitability assessment, and prioritization frameworks.
  • Understanding of DoD RMF continuous monitoring requirements and POA&M processes.
  • Knowledge of STIGs, secure configuration baselines, and compliance validation.
  • Familiarity with SIEM platforms, log analysis, and threat context enumeration.

Technical Knowledge (Preferred)

  • Experience with cloud security scanning tools, especially AWS-native or container security scanners.
  • Experience with automation or scripting (Python, PowerShell) for data extraction or report generation.
  • Familiarity with enterprise asset management and CMDB tools.


Certifications

Required:

  • Security+

Preferred:

  • CEH
  • ACAS Certification
  • Additional DoD 8570/8140 cybersecurity certifications


Skills

  • Strong analytical and investigative abilities for evaluating vulnerabilities and identifying true risk.
  • Excellent written and verbal communication skills for producing reports and collaborating with technical teams.
  • High attention to detail for validating scan results, documenting findings, and maintaining POA&M accuracy.
  • Ability to manage multiple priorities and operate in a fast-paced, mission-critical environment.
  • Strong organizational and documentation skills to support tracking, reporting, and compliance workflows.

Our Equal Employment Opportunity Policy

  • EEO and Affirmative Action Policy: DecisionPoint Corporation is an Equal Employment Opportunity and Affirmative Action employer. It is the policy of DecisionPoint Corporation to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local laws.
  • Pay Transparency Policy: In accordance with Presidential Executive Order 13665, DecisionPoint Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.
  • Authorization to Share Resume and Personal Information: By expressing your interest and submitting your resume for this position, you authorize DecisionPoint Corporation to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should DecisionPoint Corporation or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.

About Decisionpoint Corporation