Vulnerability Management Analyst

Program Overview

About The Role

Peraton is seeking a Vulnerability Management Analyst to join the CIO organization and support the FAA BNATCS program by providing specialized cybersecurity and risk management services to protect National Airspace System (NAS) systems, enterprise infrastructure, and mission‑critical applications. This role is responsible for identifying, analyzing, tracking, and mitigating vulnerabilities across FAA environments, and for ensuring compliance with federal security requirements. The Vulnerability Management Analyst strengthens the organization’s cybersecurity posture by validating findings, assessing risk, coordinating remediation with engineering and operations teams, and supporting continuous monitoring aligned with NIST 800‑53 and related governance controls.

Key Responsibilities may include:

Vulnerability Identification & Analysis

• Perform continuous vulnerability scanning across servers, endpoints, networks, cloud platforms, and applications
• Analyze scan results to identify threats, misconfigurations, and weaknesses across environments
• Analyze scan results to validate true positives, categorize vulnerability types, and assess potential impact
• Correlate findings with threat intelligence to identify exploitation likelihood and risk severity
• Maintain awareness of emerging vulnerabilities (e.g., CISA KEVs, zero‑days, vendor advisories) and evaluate relevance to environments
• Validate findings, assess severity and risk impact, and distinguish false positives from actionable vulnerabilities

Risk Prioritization & Reporting

• Provide regular updates to cybersecurity leadership regarding high‑risk or overdue vulnerabilities requiring escalation
• Support governance reporting requirements, including inputs for executive briefings, performance reviews, and continuous monitoring submissions
• Ensure risk decisions, remediation plans, and exceptions are documented, approved, and tracked in accordance with NIST 800‑53 control requirements
• support creation of dashboards, metrics, and trend analyses to measure vulnerability remediation performance
• Prepare detailed vulnerability and risk reports for stakeholders, ISSOs, SOC teams, and system owners
• Prioritize vulnerabilities based on environment risk models, mission impact, threat intelligence, and criticality of affected assets

Remediation Coordination

• Collaborate with system owners, network engineers, developers, and operations teams to drive timely remediation of findings
• Track remediation efforts, document mitigation strategies, and verify closure of vulnerabilities
• Provide technical recommendations to reduce exposure and strengthen system defenses

Compliance & Governance

• Support adherence to federal cybersecurity frameworks including NIST 800-53, NIST CSF, FISMA, TIC, and information security policies
• Assist with POA&M (Plan of Action & Milestones) documentation, updates, and lifecycle management
• Participate in ATO (Authorization to Operate) and continuous monitoring activities within the RMF process

Continuous Improvement & Security Enhancement

• Contribute to development and refinement of vulnerability management procedures, SOPs, and scanning schedules
• Stay current with emerging threats, CVEs, and security advisories relevant to aviation and federal agencies
• Support incident response teams by providing vulnerability insights that inform threat analysis and containment

Qualifications

Minimum Qualifications

• Minimum of 5+ years of experience with a BS/BA, 3+ years with a MS/MS, or a PhD in Cybersecurity, IT, Computer Science, or related discipline
• 3+ years of experience in vulnerability management, cybersecurity operations, or IT security.
• Working knowledge of vulnerability scanning tools (Tenable, Prisma Cloud Compute, etc.) and security information platforms.
• Understanding of NIST RMF, FISMA, and federal security policies.
• Experience analyzing CVEs, CVSS scoring, and vulnerability exploitability.
• Strong analytical, communication, and documentation skills.
• Ability to obtain and maintain the required FAA clearance.
• US Citizenship with the ability to obtain/maintain an FAA Public Trust
• Candidates must be local and able to work on-site out of our Herndon/Chantilly, VA or Bowie, MD locations
• Position may require occasional travel to other Peraton or Customer sites in the National Capital Region

Preferred Qualifications

• Certifications such as Security+, CySA+, CEH, GSEC, GCIH, or similar
• Experience with POA&M management, RMF packages, or continuous monitoring activities
• Knowledge of configuration management and patch management processes

SCA / Union / Intern Rate or Range

Details

Target Salary Range: $80,000 - $128,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

Benefits Statement: Peraton offers eligible employees a variety of benefits including medical, dental, vision, life, health savings account, short/long term disability, EAP, parental leave, 401(k), paid time off (PTO) for vacation, and company paid holidays. A full listing of available benefits can be viewed at

Application Duration Statement: The application period for the job is estimated to be 30 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.