Senior Vulnerability Management Analyst

About The Position

Requirements

• Minimum of a Bachelor’s degree and 8 + years of experience, a Master's degree and 6+ years of relevent experience, or a PhD and 3+ years of experience in vulnerability management, cybersecurity operations, or IT security. Cybersecurity, IT, Computer Science, or related degrees are preferred.
• Working knowledge of vulnerability scanning tools (Tenable, Qualys, etc.) and security information platforms.
• Understanding of NIST RMF, FISMA, and federal security policies.
• Experience analyzing CVEs, CVSS scoring, and vulnerability exploitability.
• Strong analytical, communication, and documentation skills.
• Ability to obtain and maintain the required Public Trust clearance.
• This is a remote capable position, however, candidates must reside in the Maryland/DC/NoVA local area.

Nice To Haves

• Prior experience supporting FAA, DOT, or other federal cybersecurity programs.
• Familiarity with National Airspace System (NAS) environments or aviation technology.
• Certifications such as Security+, CySA+, CEH, GSEC, GCIH, or similar.
• Experience with POA&M management, RMF packages, or continuous monitoring activities.
• Knowledge of configuration management and patch management processes.

Responsibilities

• Vulnerability Identification & Analysis Perform regular vulnerability scanning of FAA networks, systems, and applications using FAA-approved toolsets (e.g., Tenable Nessus, Qualys, ACAS, Rapid7).
• Analyze scan results to identify threats, misconfigurations, and weaknesses across FAA environments.
• Validate findings, assess severity and risk impact, and distinguish false positives from actionable vulnerabilities.
• Risk Prioritization & Reporting Prioritize vulnerabilities based on FAA risk models, mission impact, threat intelligence, and criticality of affected assets.
• Prepare detailed vulnerability and risk reports for FAA stakeholders, ISSOs, SOC teams, and system owners.
• Support creation of dashboards, metrics, and trend analyses to measure vulnerability remediation performance.
• Remediation Coordination Collaborate with FAA system owners, network engineers, developers, and operations teams to drive timely remediation of findings.
• Track remediation efforts, document mitigation strategies, and verify closure of vulnerabilities.
• Provide technical recommendations to reduce exposure and strengthen system defenses.
• Compliance & Governance Support adherence to federal cybersecurity frameworks including NIST 800-53, NIST CSF, FISMA, TIC, and FAA information security policies.
• Assist with POA&M (Plan of Action & Milestones) documentation, updates, and lifecycle management.
• Participate in ATO (Authorization to Operate) and continuous monitoring activities within the RMF process.
• Continuous Improvement & Security Enhancement Contribute to development and refinement of vulnerability management procedures, SOPs, and scanning schedules.
• Stay current with emerging threats, CVEs, and security advisories relevant to aviation and federal agencies.
• Support incident response teams by providing vulnerability insights that inform threat analysis and containment.