Vulnerability Analyst Tester (VA Tester)

Vulnerability Analyst Tester (VA Tester)

Cyber Tron

Responsibilities

• Plan and perform vulnerability scans and assessments across on‑premises, hybrid, and cloud environments.
• Lead scanning activities for servers, endpoints, applications, and cloud infrastructure using tools such as Nessus, Security Center, Tenable. IO, Qualys WAS, and NMAP.
• Analyze and validate scan results, correlate findings, and determine severity and risk impact to prioritize remediation efforts.
• Collaborate with remediation teams, system owners, and senior security staff to track and resolve identified vulnerabilities.
• Monitor and tune scan configurations, troubleshoot scan failures, and recommend optimizations for improved coverage and performance.
• Maintain and update vulnerability tracking systems, dashboards, and compliance reports using tools like Service Now, SharePoint, Microsoft SQL, and Power BI.
• Develop reports, briefs, and metrics to communicate vulnerability status, remediation progress, and compliance standing to leadership.
• Assist in refining policies, procedures, and workflows related to vulnerability management, security operations, and continuous monitoring.
• Stay up to date on emerging vulnerabilities, CVEs, threat intelligence, and best practices to proactively identify risk areas and improve security controls.
• All other duties assigned.

Qualifications

• Hands‑on experience with vulnerability scanning tools (e.g., Tenable products, Qualys, or NMAP) and interpreting technical scan results.
• Familiarity with patch management processes, vulnerability remediation, and risk prioritization frameworks (e.g., CVSS, CISA KEV, etc.).
• Demonstrated experience supporting vulnerability lifecycle tracking and reporting using platforms such as Service Now, SharePoint, or Power BI.
• Strong understanding of cybersecurity frameworks (e.g., NIST 800‑53, NIST CSF) and basic compliance requirements.

Preferred Qualifications

• Experience with vulnerability management in cloud environments (Azure, AWS, GCP).
• Proficiency in scripting or automation using Python, Power Shell, SQL, or DAX.
• Familiarity with SIEMs and security tool integration for contextualizing vulnerability data.
• Strong communication and reporting skills, including experience presenting technical findings to non‑technical audiences.
• Proven ability to work independently and collaborate with cross‑functional teams in a fast‑paced environment.

Clearance

• A current DoD secret or higher, clearance.

Education & Experience

• Bachelor's degree in Cybersecurity, Information Technology, or a related field. An additional 2 years of experience may be substituted for a degree.
• Offensive Security Certified Professional (OSCP) Certification
• 3–10 years of experience in cybersecurity, vulnerability management, or security operations.

Location

• Monday‑Friday.

Travel

• None