[Remote] Vulnerability Management Analyst
Note: The job is a remote job and is open to candidates in USA. Dragonfli Group is an award-winning cybersecurity advisory firm that provides high-impact security solutions to federal agencies and enterprise clients. The Senior Vulnerability Management Analyst will own and operate vulnerability management programs for a large federal client, leading scanning operations and managing stakeholder relationships while driving remediation efforts to closure.ResponsibilitiesLead and manage end-to-end vulnerability disclosure programs (VDP), including coordination with ethical hackers, system owners, and agency stakeholdersOwn attack surface management programs (e.g., CISA FAST), including scheduling, scope management, findings coordination, and POA&M documentationManage and update Standard Operating Procedures (SOPs), SharePoint repositories, and program tracking documentationLead recurring stakeholder syncs (weekly vulnerability management meetings, DMZ syncs, Security Report presentations)Operate and maintain enterprise vulnerability scanning platforms including Tenable.sc, Tenable.io, and web application scanning tools (OpenText ScanCentral or equivalent)Scope, schedule, execute, and report on vulnerability scans across large, complex federal environmentsAnalyze scan results to identify critical and high-severity findings; triage false positives; prioritize remediation activitiesManage hardware/software certification pipelines; process ServiceNow tickets within defined SLAsSupport transition from legacy tools to modernized scanning platforms with minimal operational disruptionTrack and drive remediation of critical, high, and all severity-tiered vulnerabilities to closure within program SLAsMaintain accurate POA&M records for all open findings across program scopeProduce and present vulnerability dashboards, compliance reports, and executive-level status briefingsValidate remediation effectiveness through post-remediation scanning and analysisMonitor HTTPS/HSTS compliance and other BOD requirements (BOD 18-01, BOD 20-01, and others as applicable)Build and maintain working relationships with CISA contacts, agency system owners, SOC personnel, and contractor teamsCommunicate vulnerability risks and remediation recommendations clearly to both technical and non-technical audiencesServe as subject matter expert and primary point of contact for assigned programsProvide backfill coverage across vulnerability management workstreams as neededSkills3+ years of hands-on vulnerability management experience within a federal agency environmentDemonstrated program ownership: VDP, attack surface management, or equivalent independently managed programsProficiency with Tenable.sc and/or Tenable.io (scan configuration, report generation, false positive management)Experience with CISA programs (VDP, FAST, BOD compliance) or equivalent federal cybersecurity initiativesWorking knowledge of ServiceNow or equivalent ITSM platforms for ticket managementAbility to produce clean, accurate SOPs, POA&Ms, and stakeholder-facing documentationBachelor's degree in Computer Science, Information Technology, Cybersecurity, or equivalent practical experienceActive security clearance or eligibility to obtain one preferredExperience operating WebInspect, OpenText ScanCentral, or equivalent DAST/web application scanning toolsFamiliarity with Bugcrowd or other managed bug bounty platformsExperience with HSTS/HTTPS compliance monitoring aligned to BOD 18-01Active certifications: Security+, CEH, CISSP, CISM, or Certified Vulnerability Assessor (CVA)Experience leading or co-leading standing meetings with federal stakeholdersBenefitsHealth, Dental, and Vision InsurancePTO401(k)Remote work flexibilityExposure to high-impact federal cybersecurity programsDirect access to firm leadership and career development opportunitiesCompany OverviewThe Dragonfli Group is a Washington, DC based LLC specializing in management and technology consulting. It was founded in 2008, and is headquartered in Washington, District of Columbia, USA, with a workforce of 11-50 employees. Its website is https://www.dragonfligroup.com/.