Sr IT Security/Vulnerability Management Specialist

AAC•Bethesda, MD

5d•Hybrid

About The Position

AAC is seeking a Senior Security Analyst focusing on Vulnerability Management to join our security compliance team. In this role, you will work closely with the Information Systems Security Officer (ISSO) and play a critical part in safeguarding the organization’s IT infrastructure. You will be part of a broader IT program that provides end-to-end support—including help desk, systems, network, incident response, and security services—ensuring the availability, integrity, and confidentiality of mission-critical systems.

Requirements

Experience with Tenable.sc, Tenable.io, Nessus Manager, and Nessus scanners (on-prem and cloud).
Ability to analyze, prioritize, and track remediation of vulnerabilities.
Experience maintaining scan schedules, asset groups, scan policies, dashboards, and reports.
Skill in communicating risk posture and remediation progress to relevant teams.
Experience defining scanner and security center architecture.
Ability to refine data flows and synchronizations.
Proficiency in tuning scanning configurations.
Experience developing and maintaining documentation for system setup, operation, vulnerability management processes, exceptions, and remediation tracking.
Experience supporting implementation of security projects.
Subject Matter Expert (SME) for vulnerability management tools and processes.
Knowledge of FISMA and FedRAMP related Security Assessment and Authorization (SA&A) and compliance.
Experience assisting in coordination, implementation, communication, and enforcement of IT security policies.
Experience supporting incident response.

Responsibilities

Lead the agency’s vulnerability management lifecycle using Tenable.sc, Tenable.io, Nessus Manager, and Nessus scanners (on-prem and cloud).
Analyze, prioritize, and track remediation of vulnerabilities in coordination with IT operations and system owners.
Maintain scan schedules, asset groups, scan policies dashboards, and reports tailored to agency infrastructure and communicate risk posture and remediation progress to relevant infrastructure, application, and cloud teams to remediate vulnerabilities.
Define the scanner and security center architecture, refine data flows and synchronizations, tune scanning configurations to minimize false positives and ensure the best coverage.
Develop and maintain documentation for system setup, operation, vulnerability management processes, exceptions, and remediation tracking.
Support implementation of security projects that require compliance with relevant government policies or standards.
Act as SME for vulnerability management tools and processes.
Ensure systems and practices comply with FISMA and FedRAMP related Security Assessment and Authorization (SA&A) and compliance for the organization’s IT programs.
Assist in coordination, implementation, communication, and enforcement of the organization’s IT security policies.
Support incident response.