Vulnerability Analyst

Position Overview

We are seeking a Systems Security Engineer with a strong background in vulnerability management to support the design, integration, and security of mission‑critical IT systems. This role focuses on assessing, testing, and maintaining system security controls across the full system development life cycle (SDLC), ensuring compliance with DoD security standards and risk management frameworks.

• Perform vulnerability management activities, including identification, analysis, tracking, and remediation of system and application vulnerabilities.
• Provide security engineering analysis supporting the design and integration of hardware, software, man‑machine interfaces, and system‑level requirements.
• Develop system security test requirements, plans, and strategies.
• Conduct security control assessments and testing to validate compliance with security requirements.
• Perform vulnerability and risk analyses of applications throughout all phases of the SDLC.
• Track, assess, and apply Security Technical Implementation Guides (STIGs) and system patches.
• Support Risk Management Framework (RMF) processes, including documentation, control implementation, and continuous monitoring.
• Maintain and update system authorization artifacts using eMASS.

• Minimum of 4 years of experience performing vulnerability management in an enterprise or DoD environment.
• Hands‑on experience conducting vulnerability and risk assessments across the SDLC.
• Experience with STIG implementation and patch management.
• Working knowledge of RMF processes and eMASS.
• CompTIA Security+ certification (required).

• Experience supporting DoD or other federal mission environments.
• Familiarity with system security testing tools and methodologies.
• Ability to work closely with system engineers, developers, and stakeholders to remediate security risks.