Vulnerabilities Analyst

Vulnerabilities Analyst

Washington DC (3 Days hybrid)

Key Responsibilities:

• Plan and perform vulnerability scans and assessments across on-premises, hybrid, and cloud environments.
• Lead scanning activities for servers, endpoints, applications, and cloud infrastructure using tools such as Nessus, Security Center, Tenable.IO, Qualys WAS, and NMAP.
• Analyze and validate scan results, correlate findings, and determine severity and risk impact to prioritize remediation efforts.
• Collaborate with remediation teams, system owners, and senior security staff to track and resolve identified vulnerabilities.
• Monitor and tune scan configurations, troubleshoot scan failures, and recommend optimizations for improved coverage and performance.
• Maintain and update vulnerability tracking systems, dashboards, and compliance reports using tools like ServiceNow, SharePoint, Microsoft SQL, and PowerBI.
• Develop reports, briefs, and metrics to communicate vulnerability status, remediation progress, and compliance standing to leadership.
• Assist in refining policies, procedures, and workflows related to vulnerability management, security operations, and continuous monitoring.
• Stay up to date on emerging vulnerabilities, CVEs, threat intelligence, and best practices to proactively identify risk areas and improve security controls.

Qualifications

Qualifications & Experience:

• Bachelor s degree in Cybersecurity, Information Technology, or a related field. An additional 2 years of experience may be substituted for a degree.
• 3 5 years of experience in cybersecurity, vulnerability management, or security operations.
• Hands-on experience with vulnerability scanning tools (e.g., Tenable products, Qualys, or NMAP) and interpreting technical scan results.
• Familiarity with patch management processes, vulnerability remediation, and risk prioritization frameworks (e.g., CVSS, CISA KEV, etc.).
• Demonstrated experience supporting vulnerability lifecycle tracking and reporting using platforms such as ServiceNow, SharePoint, or PowerBI.
• Strong understanding of cybersecurity frameworks (e.g., NIST 800-53, NIST CSF) and basic compliance requirements.

Preferred Qualifications:

• Experience with vulnerability management in cloud environments (Azure, AWS, Google Cloud Platform).
• Proficiency in scripting or automation using Python, PowerShell, SQL, or DAX.
• Familiarity with SIEMs and security tool integration for contextualizing vulnerability data.
• Certifications such as CompTIA Security+, CySA+, CEH, or equivalent cybersecurity certifications.
• Strong communication and reporting skills, including experience presenting technical findings to non-technical audiences.
• Proven ability to work independently and collaborate with cross-functional teams in a fast-paced environment.

Clearance Requirement:

• All candidates must be eligible to obtain a U.S. Public Trust Clearance.

**This hybrid role requires a minimum of three on-site days per week in Washington, DC.**