About this role
Senior Vulnerability Management Analyst responsible for leading scanning operations, attack surface reduction programs, and remediation across a large federal client, with stakeholder engagement and policy development.
Key Responsibilities
- Program Ownership: Lead and manage end-to-end vulnerability disclosure programs (VDP), attack surface management, SOPs, and program tracking
- Scanning and Technical Execution: Operate Tenable.sc/io and web application scanners; triage findings
- Remediation and Risk Management: Track remediation within SLAs; maintain POA&M and dashboards
- Stakeholder Engagement: Build relationships with CISA, SOC, and contractor teams
- Provide backfill coverage as needed
Technical Overview
Hands-on vulnerability management with Tenable.sc/io and OpenText ScanCentral; experience with CISA programs (VDP/FAST/BOD), ServiceNow ticketing, and POA&M documentation.
Ideal Candidate
The ideal candidate is a senior vulnerability management analyst with 3+ years in a federal setting, hands-on Tenable.sc/Tenable.io experience, and familiarity with CISA programs, ServiceNow, and POA&Ms.
Must-Have Skills
- 3+ years of hands-on vulnerability management experience within a federal agency environment
- Demonstrated program ownership: VDP, attack surface management, or equivalent independently managed programs
- Proficiency with Tenable.sc and/or Tenable.io (scan configuration, report generation, false positive management)
- Experience with CISA programs (VDP, FAST, BOD compliance) or equivalent federal cybersecurity initiatives
- Working knowledge of ServiceNow or equivalent ITSM platforms for ticket management
- Ability to produce clean, accurate SOPs, POA&Ms, and stakeholder-facing documentation
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or equivalent practical experience
- Active security clearance or eligibility to obtain one preferred
Nice-to-Have Skills
- Experience operating WebInspect, OpenText ScanCentral, or equivalent DAST/web application scanning tools
- Familiarity with Bugcrowd or other managed bug bounty platforms
- Experience with HSTS/HTTPS compliance monitoring aligned to BOD 18-01
- Active certifications: Security+, CEH, CISSP, CISM, or CVA
- Experience leading or co-leading standing meetings with federal stakeholders
Tools & Platforms
Tenable.sc, Tenable.io, OpenText ScanCentral, ServiceNow, Bugcrowd
Required Skills
Vulnerability management, federal environment, Tenable.sc, Tenable.io, OpenText ScanCentral, WebInspect, ServiceNow, POA&M, DMZ, HTTPS, HSTS, SOPs, CISA FAST, VDP, bug bounty familiarity
Hard Skills
Tenable.sc, Tenable.io, OpenText ScanCentral, WebInspect, DAST, ServiceNow, POA&M, DMZ, HTTPS, HSTS, SOPs, CISA FAST, VDP
Soft Skills
Communication, stakeholder management, leadership, relationship building, problem solving, technical writing, presentation
Certifications
Preferred
Security+, CEH, CISSP, CISM, Certified Vulnerability Assessor (CVA)
Keywords for Your Resume
vulnerability management, federal environment, VDP, CISA FAST, OpenText ScanCentral, Tenable.sc, Tenable.io, WebInspect, DAST, ServiceNow, POA&M, DMZ, HTTPS, HSTS, SOPs, security clearance, bug bounty, regulatory compliance, vulnerability dashboards, executive status briefings
Deal Breakers
- Less than 3 years of vulnerability management experience
- No Tenable.sc/io experience
- No experience with federal programs like CISA FAST/VDP