Vulnerability Management Analyst

DANE LLC
Chantilly, Loudoun County, VA

Job Description

Job Description

Benefits:

  • Life/STD/LTD
  • FSA/DCA
  • 401(k)
  • Employee discounts
  • Paid time off
  • 401(k) matching
  • Dental insurance
  • Health insurance
  • Tuition assistance
  • Vision insurance
Description

Looking for a place that invests in you from day one? At DANE, we offer aggressive PTO, strong benefits, and ongoing learning opportunities, backed by a culture that values and supports our team.

We are seeking a Vulnerability Management Analyst (Tenable/Nessus & Metrics ) to support vulnerability tracking, remediation coordination, and security metrics reporting in a federal technology environment. This is a junior-level role (1–3 years of experience) focused on execution and coordination, working hands-on with Tenable/Nessus, iPost, Power BI, Excel, and ticketing systems to ensure that vulnerability data is accurate, actionable, and reportable.

Details:

Location: Hybrid - Onsite, Arlington, VA,1 day/week and as needed
Job Type: Full Time
Education: Minimum of a Bachelor’s degree in computer science or Equivalent
Experience: Minimum 1 year of relevant experience
Clearance: Must hold an Active DoD Secret Clearance or higher

Responsibilities

  • Run authorized Tenable/Nessus scans using credentialed scan profiles and review exports to identify CVEs, plugin findings, KEV status, EOL/EOS software risks, and affected assets.
  • Validate findings as true or false positives, track vulnerability age using first-seen/last-seen dates, and escalate unresolved findings to senior security staff or system owners.
  • Support the full vulnerability lifecycle from intake and triage through ownership assignment, remediation tracking, retest/rescan validation, and closure evidence collection.
  • Monitor KEV and Critical/High findings against federal remediation timelines (e.g., BOD 22-01) and flag aging, stale, or blocked findings for escalation.
  • Build and maintain Power BI dashboards and Excel reports covering vulnerability posture, patch compliance, KEV status, finding aging, and ownership tracking using Power Query, slicers, and basic DAX measures.
  • Produce recurring deliverables, including Critical/High aging reports, Tenable/iPost reconciliation summaries, EOL/EOS tracking, and executive snapshots; document KPI definitions and data sources.
  • Reconcile vulnerability data across Tenable/Nessus, iPost, ServiceNow/CA ServiceDesk, Jira, SharePoint, POA&M trackers, and Excel exports to identify mismatches and coverage gaps.
  • Coordinate with security, development, infrastructure, database, and cloud teams and ISSO stakeholders to drive remediation through closure.
Requirements

  • 1–3 years of experience in cybersecurity operations, vulnerability management, SOC, cyber GRC, IT operations, or application security support; working knowledge of CVE, CVSS, KEV, false positives, POA&M tracking, risk acceptance, and vulnerability aging.
  • Hands-on Tenable/Nessus experience: executing credentialed scans, analyzing plugin output and CVE findings, validating true/false positives, and building dashboards, saved filters, and exports for KEV, Critical/High, EOL/EOS, and aging tracking.
  • Intermediate Power BI (Power Query, data modeling, DAX, slicers) and strong Excel skills (pivot tables, VLOOKUP/XLOOKUP, conditional formatting, deduplication) for vulnerability reporting and KPI tracking.
  • Experience with iPost, ServiceNow, CA ServiceDesk, Jira, or SharePoint for remediation tracking; ability to reconcile data across multiple tools, identify mismatches, and maintain accurate ownership and evidence records.
  • Familiarity with EOL/EOS software tracking, patch compliance, remediation exceptions, risk acceptance documentation, and closure evidence collection.
  • Strong attention to detail, comfort working with large and messy datasets, and clear communication skills for translating technical findings into plain-language updates for leadership and non-technical stakeholders.
Preferred Qualifications

  • Experience supporting federal cybersecurity programs or regulated environments; familiarity with NIST SP 800-53, RMF, A&A, ATO, POA&M lifecycle management, CISA BOD 22-01, and FedRAMP vulnerability requirements.
  • Exposure to DevSecOps and application security tooling: SAST, DAST, SCA, container image scanning, secrets scanning, or Software Bill of Materials (SBOM) analysis.
  • Basic understanding of enterprise patching for Windows Server, Windows workstations, .NET Framework, Java JRE, SQL Server, and endpoint agents; familiarity with Splunk or other SIEM platforms.
  • Experience developing SOPs, RACI matrices, or workflow documentation in a security or IT operations context.
  • Relevant certifications such as CompTIA Security+, CySA+, CEH, or equivalent entry-to-mid-level cybersecurity credentials.
DANE LLC is an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Flexible work from home options available.

Posted 2026-07-16

Recommended Jobs

Data Engineer

Next Ventures
Newport News, VA

What Youʼll Do Architect & Build  Play a key role in shaping the strategic vision and providing technical leadership for a major greenfield effort to rebuild and modernize our data warehouse pla…

View Details
Posted 2026-06-30

Administrative Assistant/Intake

Absolute Home Healthcare Inc
Stafford, VA

Job Description Job Description We are looking for a responsible Administrative Assistant to perform a variety of administrative and clerical tasks. Duties of the Administrative Assistant include…

View Details
Posted 2026-06-23

Jr. Intelligence Analyst

T-Rex Solutions
Sterling, VA

Job Description Job Description T-Rex Solutions, a leader in mission-focused solutions, is seeking a dedicated Junior Intelligence Analyst to join our dynamic team in Sterling, VA. At T-Rex, we p…

View Details
Posted 2026-04-17

Scientific Engagement Specialist / Lead III

Armada Ltd
Arlington, VA

Job Description Job Description Scientific Engagement Specialist / Lead III Type: Full Time Location: Ballston, Virgina Overtime Exempt: No Reports To: ARMADA HQ Security Cle…

View Details
Posted 2026-07-16

Automotive BDC Agent - Sales & Service (Franchise Dealerships)

Easterns Automotive Group
Sterling, VA

Job Description Job Description High-Paying Automotive BDC Agent – Sales & Service | Easterns Automotive Group (Franchise Dealerships) Company: Easterns Automotive Group Location: Sterling, …

View Details
Posted 2026-07-17

Private Wealth Services Associate

5 Legal
Richmond, VA

Job Description Job Description A global and top 100 Am Law firm seeks an associate to join their Private Wealth Services Team in their Richmond office. The ideal candidate must have 1-4 yea…

View Details
Posted 2026-03-27

EMT or Paramedic (PRN)

Medcor Inc
Louisa, VA

Medcor is looking to hire a EMT or Paramedic on a PRN basis (as-needed) to be an Onsite Health Technician at our construction site clinic in Louisa, VA. The operating hours for this clinic are Monday …

View Details
Posted 2026-04-30

Modular Homes Sales Representative

Cardinal Homes
Wylliesburg, VA

Join a leading modular home manufacturer as a Modular Homes Sales Representative, where innovation meets quality.  The Modular Home Sales Representative is responsible for developing, managing, and…

View Details
Posted 2026-06-13

Maintenance Mechanic

Portsmouth Redevelopment & Housing Authority
Portsmouth, VA

Job Description Job Description We Are Portsmouth Redevelopment and Housing Authority Since 1938 the Portsmouth Redevelopment and Housing Authority has been working to create jobs, expand the …

View Details
Posted 2026-07-17

Customer Service Benefits Representative

TWA Career
Virginia Beach, VA

Job Description Customer Service Benefits Representative Location Virginia — Remote Employment Type Full-Time Career Opportunity | Flexible Schedule About the Opportunity The Weat…

View Details
Posted 2026-07-06