Senior Vulnerability Management Analyst

  • Washington D.C., DC
  • Posted 1 day ago | Updated 7 hours ago

Overview

Hybrid
Depends on Experience
Full Time

Skills

Tenable Nessus

Job Details

  • Develop, maintain, and update vulnerability management documentation including reports, SOPs, playbooks, and process guides.
  • Operate and administer Vulnerability Disclosure Platforms (VDPs) such as Bugcrowd and HackerOne, supporting vulnerability verification, remediation tracking, and closure.
  • Correlate risks identified through Penetration Testing, IV&V processes, and VDP submissions, providing actionable recommendations for program improvements.
  • Conduct vulnerability scanning, analysis, and reporting using industry tools including:
    • Tenable Nessus
    • DBProtect
    • WebInspect
    • Acunetix
  • Support automation of vulnerability data ingestion into ServiceNow platforms, enabling asset correlation, analytics, and dashboard generation.
  • Provide subject matter expertise on ServiceNow GRC, ServiceNow Security Operations (SecOps), and the Vulnerability Response Module (VRM).
  • Deliver recommendations to enhance and mature the Vulnerability Management and VDP programs.
  • Collaborate with stakeholders across SaaS (Azure, Oracle) and IaaS environments to ensure effective vulnerability lifecycle management.
  • Support Incident Response (IR) activities during office hours as required.

Required Skills & Qualifications

  • Proficiency in developing technical documentation including SOPs, playbooks, after-action reports, and executive-level dashboards using Microsoft Word, PowerPoint, and Excel (pivot tables, macros, advanced formulas).
  • Hands-on experience with Vulnerability Disclosure Platforms (VDPs) such as Bugcrowd and HackerOne, including triage, verification, and coordination of remediation activities.
  • Strong working knowledge of ServiceNow modules, including:
    • Governance, Risk, and Compliance (GRC)
    • Security Operations (SecOps)
    • Vulnerability Response Module (VRM)
  • Demonstrated ability to run and analyze vulnerability scans using industry-standard tools:
    • Tenable Nessus
    • DBProtect
    • WebInspect
    • Acunetix
  • Experience automating vulnerability management workflows, including:
    • Parsing and ingesting scanner outputs into ServiceNow VRM
    • Correlating vulnerabilities with asset inventory and configuration data
    • Developing analytics, dashboards, and automated remediation workflows
  • Knowledge of Independent Verification & Validation (IV&V) processes, with ability to correlate findings from penetration tests, VDP submissions, and vulnerability scans.
  • Technical expertise in SaaS environments (Azure, Oracle Cloud) and IaaS platforms (AWS, Azure, OCI, etc.) including identity, access, and patch management considerations.
  • Familiarity with scripting/automation languages (Python, PowerShell, Bash) for vulnerability data parsing, API integration, and process automation.
  • Ability to support Incident Response (IR) activities during office hours, including vulnerability exploitation analysis and remediation support.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.