Senior Vulnerability Management Analyst

Hybrid | Washington D.C. | 1 Day a Week Onsite

US Citizenship Requred

Summary

Our client is an employee and Service-Disabled, Veteran-owned Small Business focused on providing niche technical services. They are a team of experienced cybersecurity professionals with a track record of success in the Federal, Commercial, and Academic workspaces. Additionally, our client designs, builds, operates, and secures scalable cloud and IT infrastructures to meet their customers’ near-term needs and fulfill their long-term requirements.

Responsibilities

Our client is seeking a Senior Vulnerability Management Analyst to lead and establish a comprehensive Vulnerability Management (VM) program within the Cybersecurity Operations Unit. This role will focus on designing policies, procedures, and protocols for identifying, categorizing, and managing vulnerabilities across the client’s systems and networks, ensuring compliance with federal requirements, and overseeing the timely remediation of vulnerabilities.

• Develop and implement a comprehensive VM program, including policies, procedures, and protocols for identifying and managing vulnerabilities
• Ensure prompt identification, analysis, and remediation of vulnerabilities affecting internal and external information systems
• Create and maintain compliance with federal vulnerability directives such as Binding Operational Directive (BOD) 22-01
• Provide expertise in using security technologies such as Tenable, Nessus, Invicti, Splunk, and other VM tools
• Oversee vulnerability management in on-premises and cloud environments, including AWS, Microsoft Azure, Google Cloud, and Data Centers
• Collaborate with system owners to design mitigation strategies, patch systems, and address vulnerabilities that cannot be patched
• Analyze systems, network configurations, and web applications to identify vulnerabilities and ensure remediation
• Build dashboards, metrics, and reports to measure the effectiveness and health of the VM program
• Research and recommend new capabilities to enhance the VM program and adapt to Zero Trust architecture
• Develop workflows and automation tools to streamline vulnerability management processes
• Provide reports on the progress of vulnerability remediation and compliance with security requirements
• Author documentation, including VM program doctrine, mitigation strategies, and analysis reports

Requirements

• 5-7+ years of relatable experience is required for this position
• Extensive experience with vulnerability scanning tools, such as Tenable, Nessus, and SIEM solutions (e.g., Splunk)
• Strong knowledge of managing vulnerabilities in both on-premises systems and cloud environments (AWS, Azure, Google Cloud)
• Familiarity with industry standards and federal government regulations related to vulnerability management
• Experience developing and implementing mitigation strategies to address vulnerabilities
• Ability to analyze systems, configurations, and web applications to identify vulnerabilities and implement appropriate remediation
• Experience with developing workflows and forms using tools like ServiceNow, SharePoint, PowerApps, and Tableau for visualization
• Proven ability to write documentation, including reports, program documents, and policies related to vulnerability management

Preferred Requirements

• Familiarity with the OWASP Top Ten vulnerabilities and understanding of vulnerability program management at the programmatic level
• Experience in automating aspects of the VM program using AI/ML or other advanced technologies
• Experience with federal regulations related to cybersecurity, particularly in vulnerability management and compliance
• Strong communication skills for developing presentations and reports for senior management and stakeholders

Education/Certification Requirements

• None