Vulnerability Analyst II

The Vulnerability Analyst II provides cybersecurity risk, vulnerability management, and compliance support services in alignment with the SBA Enterprise Cybersecurity Services (ECS) RFQ Task Area 3.5.2. The position supports the SBA Risk Management Framework (RMF), FISMA compliance initiatives, Information System Continuous Monitoring (ISCM), vulnerability management, controls assessment activities, audit support, and continuous monitoring operations across enterprise systems and cloud environments.

Requirements

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Assurance, or related discipline
• 3-6 years of experience supporting vulnerability management, cybersecurity compliance, RMF, or information assurance activities in a federal environment
• Experience performing vulnerability assessments and remediation activities using Tenable SC/Nessus or equivalent tools
• Knowledge of FISMA, NIST RMF, NIST SP 800-53 Rev. 5, NIST SP 800-53A, NIST SP 800-137, and related federal cybersecurity standards
• Experience supporting POA&M management, security assessments, continuous monitoring, and audit response activities
• Working knowledge of Windows, Linux/Unix, network infrastructure, cloud platforms, and enterprise security technologies
• Strong written and verbal communication skills with the ability to produce technical documentation and executive-level reports
• Ability to analyze security findings, prioritize risks, and coordinate remediation with technical stakeholders

Benefits

• Generous Paid Time Off
• 401k Matching
• Retirement Plan