Vulnerability Management Engineer
About The Position
The Vulnerability Management Engineer (FedRAMP & Pen Test Support) is responsible for delivering and scaling Quzara’s Authorized Vulnerability Management Services while providing technical enablement for high-impact penetration testing efforts supporting federal and regulated customers. This role owns the end-to-end vulnerability management lifecycle, including scanner configuration, continuous monitoring execution, remediation coordination, and tool maintenance. The position requires hands-on expertise with enterprise vulnerability scanning platforms and penetration testing toolchains, as well as a deep understanding of FedRAMP Continuous Monitoring (ConMon) and NIST 800-53 requirements. The ideal candidate is a practitioner who can operate independently in regulated environments, maintain audit-ready tooling, and translate scan output into actionable remediation guidance.
Requirements
- 4+ years of experience in Vulnerability Management or Penetration Testing support within FedRAMP or Federal environments.
- Expert-level proficiency with Tenable.io / Nessus, including scanner deployment, policy tuning, and result interpretation.
- Hands-on experience maintaining and operating penetration testing platforms (e.g., Kali Linux, Burp Suite, Metasploit).
- Strong working knowledge of NIST SP 800-53 control requirements and FedRAMP Continuous Monitoring processes.
- Experience translating vulnerability findings into POA&Ms, remediation plans, and audit-ready documentation.
- Ability to collaborate cross-functionally with infrastructure, SRE, DevSecOps, and compliance teams.
- Must be a U.S. Citizen and eligible to support federal contracting environments.
Nice To Haves
- Tenable Certified Nessus Expert
- One or more of the following:
- Certified Ethical Hacker (CEH)
- CompTIA PenTest+
- Certified Information Systems Security Professional (CISSP).
Responsibilities
- Install, configure, maintain, and patch penetration testing toolsets (e.g., Burp Suite Pro, Metasploit, Kali Linux) for use in federal and regulated engagements.
- Execute and manage monthly FedRAMP Continuous Monitoring (ConMon) activities, including vulnerability scanning, deviation analysis, and POA&M generation.
- Configure, optimize, and maintain Tenable.io / Nessus scanners and web application scanning (WAS) tools to ensure accurate and comprehensive asset coverage.
- Own the health, licensing, patching, and lifecycle management of all vulnerability management and penetration testing tools to ensure continuous audit readiness.
- Analyze scan results and collaborate with Site Reliability Engineers (SREs), infrastructure teams, and application owners to drive timely remediation.
- Interpret vulnerability data across Windows, Linux, database, container, and web application assets and provide remediation guidance aligned with federal baselines.
- Support penetration testing preparation and execution by ensuring testing environments, tools, and configurations are compliant and operational.
- Provide vulnerability evidence, scan reports, and remediation documentation to support FedRAMP, FISMA, and third-party assessment activities.
- Continuously improve vulnerability management processes, scan coverage, and reporting accuracy across Quzara environments.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
Number of Employees
11-50 employees
