Description
Description
SAIC is seeking a Vulnerability Analyst to support a critical U.S. government agency in the National Capital Region. This role offers an exciting opportunity to lead and contribute to vulnerability management activities, risk assessments, and security compliance initiatives across hybrid environments. The analyst will play a key role in identifying, analyzing, and tracking vulnerabilities using industry-standard tools and processes.
The ideal candidate will have a strong understanding of cybersecurity principles and hands-on experience with vulnerability scanning tools such as Nessus, Tenable Security Center, Tenable.IO, Qualys WAS, or NMAP. This role involves executing complex scans, correlating and analyzing results, coordinating remediation efforts, and supporting compliance reporting. The analyst will work closely with stakeholders across IT, security engineering, and compliance teams to improve the agency's security posture.
Key Responsibilities:
· Plan and perform vulnerability scans and assessments across on-premises, hybrid, and cloud environments.
· Lead scanning activities for servers, endpoints, applications, and cloud infrastructure using tools such as Nessus, Security Center, Tenable.IO, Qualys WAS, and NMAP.
· Analyze and validate scan results, correlate findings, and determine severity and risk impact to prioritize remediation efforts.
· Collaborate with remediation teams, system owners, and senior security staff to track and resolve identified vulnerabilities.
· Monitor and tune scan configurations, troubleshoot scan failures, and recommend optimizations for improved coverage and performance.
· Maintain and update vulnerability tracking systems, dashboards, and compliance reports using tools like ServiceNow, SharePoint, Microsoft SQL, and PowerBI.
· Develop reports, briefs, and metrics to communicate vulnerability status, remediation progress, and compliance standing to leadership.
· Assist in refining policies, procedures, and workflows related to vulnerability management, security operations, and continuous monitoring.
· Stay up to date on emerging vulnerabilities, CVEs, threat intelligence, and best practices to proactively identify risk areas and improve security controls.
Qualifications
Qualifications & Experience:
· Bachelor's degree in Cybersecurity, Information Technology, or a related field. An additional 2 years of experience may be substituted for a degree.
· 3–5 years of experience in cybersecurity, vulnerability management, or security operations.
· Hands-on experience with vulnerability scanning tools (e.g., Tenable products, Qualys, or NMAP) and interpreting technical scan results.
· Familiarity with patch management processes, vulnerability remediation, and risk prioritization frameworks (e.g., CVSS, CISA KEV, etc.).
· Demonstrated experience supporting vulnerability lifecycle tracking and reporting using platforms such as ServiceNow, SharePoint, or PowerBI.
· Strong understanding of cybersecurity frameworks (e.g., NIST 800-53, NIST CSF) and basic compliance requirements.
Preferred Qualifications:
· Experience with vulnerability management in cloud environments (Azure, AWS, GCP).
· Proficiency in scripting or automation using Python, PowerShell, SQL, or DAX.
· Familiarity with SIEMs and security tool integration for contextualizing vulnerability data.
· Certifications such as CompTIA Security+, CySA+, CEH, or equivalent cybersecurity certifications.
· Strong communication and reporting skills, including experience presenting technical findings to non-technical audiences.
· Proven ability to work independently and collaborate with cross-functional teams in a fast-paced environment.
Clearance Requirement:
All candidates must be eligible to obtain a U.S. Public Trust Clearance.
**This hybrid role requires a minimum of three on-site days per week in Washington, DC.**
Target salary range: $80,001 - $120,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
Apply on company website
Find Connections via Linkedin
