Vulnerability Analyst II Job Description

Position Summary

Essential Duties and Responsibilities

• Perform enterprise vulnerability assessments and compliance scans using SBA-approved tools such as Tenable Security Center (SC) Nessus and Microsoft TVM.
• Review identified vulnerabilities assess impact and risk and provide remediation recommendations for operating systems applications network devices and cloud environments.
• Support continuous monitoring and Risk Management Framework (RMF) activities in accordance with NIST SP 800-37 NIST SP 800-53 Rev. 5 and NIST SP 800-53A.
• Assist with the creation maintenance and review of cybersecurity documentation including System Security Plans (SSPs) Security Assessment Reports (SARs) Plans of Action and Milestones (POA&Ms) Configuration Management Plans (CMPs) and contingency documentation.
• Support control assessments and validation activities by documenting NIST 800-53A Determine If Statements (DISs) and mapping vulnerabilities to applicable controls.
• Conduct vulnerability scanning activities every 72 hours across workstations servers routers switches and cloud-based assets in accordance with SBA requirements.
• Monitor CISA Known Exploited Vulnerabilities (KEV) listings and Binding Operational Directives (BODs) to identify and report emerging risks.
• Track zero-day vulnerabilities coordinate remediation activities and provide ad hoc reporting to leadership and stakeholders.
• Generate weekly vulnerability reports dashboards and briefing materials for ISSOs system owners and management.
• Assist with audit preparation and support activities involving IG GAO internal auditors and external assessors.
• Maintain scanning infrastructure including scanner deployment configuration plugin updates scan repositories and vulnerability management SOPs.
• Support FedRAMP Continuous Monitoring (CONMON) activities by reviewing vulnerability reports and assessing vendor remediation activities.
• Participate in change management security operations meetings and enterprise cybersecurity coordination activities.
• Ensure all deliverables are complete accurate aligned with agency templates and delivered within required timeframes.

Minimum Qualifications

• Bachelors degree in Cybersecurity Information Technology Computer Science Information Assurance or related discipline. Additional years of experience may substitute for degree requirements.
• 36 years of experience supporting vulnerability management cybersecurity compliance RMF or information assurance activities in a federal environment.
• Experience performing vulnerability assessments and remediation activities using Tenable SC/Nessus or equivalent tools.
• Knowledge of FISMA NIST RMF NIST SP 800-53 Rev. 5 NIST SP 800-53A NIST SP 800-137 and related federal cybersecurity standards.
• Experience supporting POA&M management security assessments continuous monitoring and audit response activities.
• Working knowledge of Windows Linux/Unix network infrastructure cloud platforms and enterprise security technologies.
• Strong written and verbal communication skills with the ability to produce technical documentation and executive-level reports.
• Ability to analyze security findings prioritize risks and coordinate remediation with technical stakeholders.

Preferred Certifications

• CompTIA Security
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• GIAC Security Certifications (GSEC GPEN or similar)
• Tenable Certified Professional or equivalent vulnerability management certification