Vulnerability Management Systems Analyst - Contract - Remote - local to SC-

About The Position

Requirements

• 5+ years of experience with vulnerability management tools (Qualys, Tenable, Rapid7)
• 5+ years of experience in deploying, configuring, and operating vulnerability management platforms
• Strong experience with Windows and Linux operating systems
• 5+ years of experience with CVSS scoring, POA&M tracking, and risk mitigation
• Strong understanding of enterprise IT security environments

Nice To Haves

• Knowledge of security frameworks: NIST, PCI DSS, ITIL, CVSS, MITRE ATT&CK
• Experience with scripting/automation (Python, PowerShell, Bash)
• Experience leading enterprise or large-scale vulnerability management programs
• Familiarity with enterprise security operations environments
• Local to Columbia, SC or nearby regions preferred

Responsibilities

• Administer and support enterprise vulnerability management platforms (Qualys, Tenable, Rapid7, or similar)
• Configure scanning policies, schedules, asset groups, and reporting dashboards
• Ensure continuous vulnerability scanning coverage across servers, endpoints, applications, and cloud environments
• Monitor platform health and ensure scan accuracy and reliability
• Analyze vulnerability scan results and validate findings
• Prioritize vulnerabilities based on CVSS scores, exploitability, and asset criticality
• Identify security gaps, exposure risks, and systemic vulnerabilities
• Support risk classification and residual risk documentation
• Develop and maintain POA&M (Plan of Action and Milestones) tracking for remediation efforts
• Coordinate with technical teams and agencies to ensure timely vulnerability remediation
• Track remediation progress against defined service level objectives (SLOs)
• Recommend compensating controls when immediate remediation is not possible
• Work closely with multiple agencies, IT teams, and security stakeholders
• Conduct vulnerability review meetings and provide actionable remediation guidance
• Communicate technical risks in clear business terms for leadership reporting
• Support enterprise-wide coordination of vulnerability management activities
• Develop vulnerability dashboards, reports, and executive summaries
• Provide regular updates on risk posture, trends, and remediation status
• Support audit and compliance reporting requirements
• Ensure alignment with standards such as NIST, PCI DSS, ITIL, and CVSS frameworks
• Support configuration and tuning of vulnerability scanning tools
• Improve scanning efficiency, coverage, and accuracy
• Assist in integrating vulnerability platforms with SIEM, ticketing, and ITSM tools
• Develop scripts using Python, PowerShell, or Bash for automation of reporting and workflows
• Automate vulnerability data extraction, reporting, and tracking processes
• Provide guidance and training to agency teams on vulnerability management practices
• Develop documentation, procedures, and best practices
• Support onboarding of new teams into vulnerability management processes
• Identify opportunities to improve vulnerability management maturity
• Recommend process improvements and automation opportunities
• Stay updated on emerging threats, vulnerabilities, and security trends