Vulnerability Analyst, Senior

About The Position

Requirements

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
• Clearance: Active TS/SCI clearance.
• Candidate must meet ONE of the following: Bachelor’s degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR Relevant DoD/military training (example: Cyber 101); OR Relevant professional certification or equivalent experience (examples: SecurityX/CASP+; CCISO; CCSP; CISM; CISSO; CISSP; GSLC).
• Vulnerability management, cybersecurity operations, or risk assessment experience with at least 3 years in senior VM or program‑level roles.
• Deep expertise with ACAS/NESSUS, Forescout/NAC, STIG/SRG interpretation, eMASS POA&M workflows, and vulnerability adjudication methodologies.
• Strong capability correlating vulnerabilities to assets/configuration baselines, assessing exploitability, and producing actionable remediation plans.
• Proven experience producing dashboards, trend analyses, and executive briefings on vulnerability posture and remediation progress.
• Familiarity with automation for scanning, ticketing integration, and evidence collection to support RMF/ATO processes.

Nice To Haves

• Prior DoD/ARNG VM leadership or CCRI support experience.
• Experience integrating VM with detection engineering, patch orchestration, and threat intelligence to enable prioritized, threat‑informed remediation.

Responsibilities

• Establish and govern enterprise vulnerability management strategy: scanning methodologies, validation protocols, and assessment standards aligned with RMF, DoD, and Army requirements.
• Oversee analysis of vulnerability outputs (ACAS, Forescout, STIG findings, etc.) to adjudicate risk, confirm exploitability, and drive accurate POA&M entries and eMASS/evidence updates.
• Correlate vulnerability data with asset inventories, configuration baselines, patch management records, and change control to ensure remediation accountability and enterprise visibility.
• Direct remediation validation: coordinate with system owners and engineering teams to verify fixes, retest corrections, and close recurring compliance gaps.
• Produce executive‑grade vulnerability trend analyses, CCRI readiness assessments, risk briefings, and dashboard metrics to inform leadership decision‑making.
• Lead continuous improvement of VM workflows, detection/prioritization criteria, reporting standards, and automation to enhance continuous monitoring efficacy.
• Support incident response and threat‑driven remediation by providing vulnerability context, exploitability analysis, and prioritized mitigation guidance.