Vulnerability Management Analyst (Tenable/Nessus & Metrics)
DANE LLC
About the role
Job Overview
Looking for a place that invests in you from day one? At DANE, we offer aggressive PTO, strong benefits, and ongoing learning opportunities, backed by a culture that values and supports our team.
We are seeking a Vulnerability Management Analyst (Tenable/Nessus & Metrics) to support vulnerability tracking, remediation coordination, and security metrics reporting in a federal technology environment. This is a junior-level role (1–3 years of experience) focused on execution and coordination, working hands-on with Tenable/Nessus, iPost, Power BI, Excel, and ticketing systems to ensure that vulnerability data is accurate, actionable, and reportable.
Details:
- Location: Hybrid - Onsite in Arlington, VA, 1 day/week and as needed
- Job Type: Full Time
- Education: Bachelor's degree in Computer Science or equivalent
- Experience: Minimum 1 year of relevant experience
- Clearance: Must hold Active DoD Secret Clearance or higher
Responsibilities
- Run authorized Tenable/Nessus scans using credentialed scan profiles and review exports to identify CVEs, plugin findings, KEV status, EOL/EOS software risks, and affected assets.
- Validate findings as true or false positives, track vulnerability age using first-seen/last-seen dates, and escalate unresolved findings to senior security staff or system owners.
- Support the full vulnerability lifecycle from intake and triage through ownership assignment, remediation tracking, retest/rescan validation, and closure evidence collection.
- Monitor KEV and Critical/High findings against federal remediation timelines (e.g., BOD 22-01) and flag aging, stale, or blocked findings for escalation.
- Build and maintain Power BI dashboards and Excel reports covering vulnerability posture, patch compliance, KEV status, finding aging, and ownership tracking using Power Query, slicers, and basic DAX measures.
- Produce recurring deliverables including Critical/High aging reports, Tenable/iPost reconciliation summaries, EOL/EOS tracking, and executive snapshots; document KPI definitions and data sources.
- Reconcile vulnerability data across Tenable/Nessus, iPost, ServiceNow/CA ServiceDesk, Jira, SharePoint, POA&M trackers, and Excel exports to identify mismatches and coverage gaps.
- Coordinate with security, development, infrastructure, database, and cloud teams and ISSO stakeholders to drive remediation through closure.
Qualifications
- Bachelor's degree in Computer Science or related field
- Active DoD Secret Clearance required
- 1–3 years of experience in cybersecurity operations, vulnerability management, SOC, cyber GRC, IT operations, or application security support; working knowledge of CVE, CVSS, KEV, false positives, POA&M tracking, risk acceptance, and vulnerability aging.
- Hands-on Tenable/Nessus experience: executing credentialed scans, analyzing plugin output and CVE findings, validating true/false positives, and building dashboards, saved filters, and exports for KEV, Critical/High, EOL/EOS, and aging tracking.
- Intermediate Power BI (Power Query, data modeling, DAX, slicers) and strong Excel skills (pivot tables, VLOOKUP/XLOOKUP, conditional formatting, deduplication) for vulnerability reporting and KPI tracking.
- Experience with iPost, ServiceNow, CA ServiceDesk, Jira, or SharePoint for remediation tracking; ability to reconcile data across multiple tools, identify mismatches, and maintain accurate ownership and evidence records.
- Familiarity with EOL/EOS software tracking, patch compliance, remediation exceptions, risk acceptance documentation, and closure evidence collection.
- Strong attention to detail, comfort working with large and messy datasets, and clear communication skills for translating technical findings into plain-language updates for leadership and non-technical stakeholders.
Preferred Qualifications
- Experience supporting federal cybersecurity programs or regulated environments; familiarity with NIST SP 800-53, RMF, A&A, ATO, POA&M lifecycle management, CISA BOD 22-01, and FedRAMP vulnerability requirements.
- Exposure to DevSecOps and application security tooling: SAST, DAST, SCA, container image scanning, secrets scanning, or Software Bill of Materials (SBOM) analysis.
- Basic understanding of enterprise patching for Windows Server, Windows workstations, .NET Framework, Java JRE, SQL Server, and endpoint agents; familiarity with Splunk or other SIEM platforms.
- Experience developing SOPs, RACI matrices, or workflow documentation in a security or IT operations context.
- Relevant certifications such as CompTIA Security+, CySA+, CEH, or equivalent entry-to-mid-level cybersecurity credentials.
DANE LLC is an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Pay
$70,000.00 - $85,000.00 per year
Benefits
- 401(k)
- 401(k) matching
- Dental insurance
- Employee assistance program
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Professional development assistance
- Referral program
- Retirement plan
- Vision insurance