Vulnerability Assessor

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related discipline (four additional years of equivalent experience may substitute).
• Minimum 5+ years of cybersecurity or vulnerability management experience.
• Active DoD Secret clearance
• DoD 8570.01-M IAT Level II certification (e.g., Security+ CE, CySA+, CCNA-Security).
• Hands-on experience with ACAS (Tenable/Nessus) and STIG compliance tools.
• Strong analytical, documentation, and communication skills.
• Working knowledge of vulnerability scanning, risk assessment methodologies, and remediation tracking.

Nice To Haves

• Familiarity with DoW (DoD) RMF, eMASS, and DISA STIG/SRG compliance.
• Understanding of NIST SP 800-53, CNSSI 1253, and DoDI 8510.01 frameworks.
• Knowledge of common cybersecurity threats, exploits, and attack vectors.
• Experience supporting federal or DoD IT environments.
• Positive, proactive approach and ability to collaborate effectively across remote and on-site teams.

Responsibilities

• Conduct vulnerability scans using ACAS (Tenable/Nessus), STIG Viewer, and related DoD-approved assessment tools.
• Categorize and analyze vulnerabilities in accordance with NIST SP 800-53, DISA STIGs, and DoDI 8510.01 (RMF).
• Collaborate with Information System Security Managers (ISSMs), Information System Security Officers (ISSOs), and system administrators to track remediation and update Plans of Action and Milestones (POA&Ms).
• Prepare and maintain vulnerability assessment reports and risk summaries for leadership.
• Support RMF Steps 3–6 and Continuous Monitoring documentation within eMASS.
• Research and evaluate emerging technologies to identify new or evolving risks and recommend mitigation strategies.