Koniag Government Services

Vulnerability Analyst II

Koniag Government Services$75K — $95K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in a related field like Cybersecurity or Information Technology.
  • 3+ years in vulnerability management or security assessment, especially within federal environments.
  • Experience with vulnerability scanning tools like Tenable Nessus or Qualys.
  • One or more industry certifications like CompTIA Security+ or CISSP required.
  • Effective communication skills for diverse stakeholder engagement.

Responsibilities

  • Plan and execute vulnerability scans across SBA’s IT infrastructure.
  • Analyze scan results to prioritize remediation based on vulnerability risk.
  • Develop comprehensive reports and dashboards detailing vulnerability status and trends.
  • Coordinate with teams to communicate vulnerabilities and track remediation efforts.
  • Support the integration of vulnerability management with SBA's POA&M processes.

Benefits

  • Health, dental, and vision insurance coverage.
  • 401K plan with employer matching contributions.
  • Flexible spending accounts for medical expenses.
  • Generous paid time off including three weeks of vacation and paid holidays.
Full Job Description
is seeking a Vulnerability Analyst II to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust.

We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.

Koniag Data Solutions, a Koniag Government Services company, is seeking a skilled and experienced Vulnerability Analyst II to support the U.S. Small Business Administration (SBA). The ideal candidate is a mid-level cybersecurity professional with solid experience in vulnerability management, security assessment, and risk analysis within federal government IT environments. This individual will play a key role in identifying, analyzing, and tracking vulnerabilities across SBA's enterprise IT environment, working closely with system owners, IT operations teams, and the broader cybersecurity program to ensure timely and effective remediation of security weaknesses and maintenance of a strong security posture.

The Vulnerability Analyst II will serve as a mid-level vulnerability management professional responsible for conducting vulnerability assessments, analyzing scan results, tracking remediation activities, and supporting the continuous improvement of SBA's vulnerability management program.

Principal responsibilities will include but are not limited to:
  • Plan, configure, and execute vulnerability scans across SBA's enterprise IT environment, including network infrastructure, servers, workstations, web applications, databases, and cloud-hosted assets, using enterprise vulnerability scanning platforms such as Tenable Nessus, Tenable.io, Qualys, or equivalent tools.
  • Analyze and interpret vulnerability scan results, applying knowledge of common vulnerability scoring systems (CVSS), exploit availability, asset criticality, and threat context to accurately assess the real-world risk posed by identified vulnerabilities and prioritize remediation activities accordingly.
  • Develop and maintain comprehensive vulnerability management reports, dashboards, and metrics, providing SBA leadership, system owners, and IT operations teams with clear visibility into the current vulnerability posture, remediation progress, and trending risk levels across SBA's enterprise environment.
  • Coordinate with system owners, IT operations teams, and application teams to communicate identified vulnerabilities, provide technical remediation guidance, track remediation activities, and validate the effectiveness of applied patches, configuration changes, and mitigations.
  • Support the development and maintenance of SBA's vulnerability management program documentation, including vulnerability management policies, procedures, scanning methodologies, and remediation tracking processes, ensuring alignment with NIST SP 800-40, federal vulnerability management guidance, and CISA BODs and EDs.
  • Assist in the integration of vulnerability management activities with SBA's POA&M program, ensuring identified vulnerabilities are accurately documented, tracked, and reported within the POA&M framework in accordance with FISMA and SBA security requirements.
  • Conduct configuration compliance assessments using security configuration baselines such as CIS Benchmarks and DISA STIGs, identifying configuration weaknesses and deviations from approved baselines across SBA's system portfolio and coordinating remediation activities with IT operations teams.
  • Support the assessment and documentation of vulnerability risk exceptions and remediation deadline extension requests, evaluating the technical justification and compensating controls proposed by system owners and preparing risk acceptance documentation for review by senior security staff.
  • Monitor and analyze vulnerability and threat intelligence from government and commercial sources, including CISA KEV (Known Exploited Vulnerabilities) catalog, NVD, US-CERT advisories, and commercial threat intelligence feeds, to identify emerging vulnerabilities and active exploit campaigns relevant to SBA's technology environment and prioritize response activities accordingly.
  • Collaborate with the SOC team to correlate vulnerability data with threat intelligence and active security monitoring findings, supporting a risk-informed approach to vulnerability prioritization and enabling more effective detection and response to exploitation attempts.
  • Support penetration testing activities by providing vulnerability data, scan results, and asset inventory information to support scoping and planning of penetration test engagements and assisting in the validation of penetration test findings against known vulnerability data.
  • Assist in the development and maintenance of SBA's asset inventory and asset management program, ensuring accurate and current records of SBA's IT assets, system configurations, and software inventory to support comprehensive vulnerability scanning coverage and risk analysis.
  • Prepare and deliver vulnerability management briefings, status reports, and technical presentations to SBA stakeholders, clearly communicating vulnerability findings, remediation status, risk levels, and program performance metrics.
  • Support vulnerability management activities for cloud-hosted assets and services, including the configuration and execution of cloud vulnerability scans and the assessment of cloud-specific security misconfigurations and vulnerabilities across AWS, Azure, and/or GCP environments.
  • Contribute to the continuous improvement of SBA's vulnerability management program, identifying opportunities to enhance scanning coverage, remediation tracking efficiency, reporting quality, and overall program effectiveness.


Education and Experience:
Required:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field from an accredited college or university.
  • 3+ years of progressive experience in vulnerability management, security assessment, or a closely related cybersecurity field, with demonstrated hands-on experience conducting vulnerability assessments and supporting vulnerability management programs within a federal government or large enterprise IT environment.
  • Demonstrated experience using enterprise vulnerability scanning platforms such as Tenable Nessus, Tenable.io, Qualys, or equivalent tools to conduct vulnerability assessments across diverse IT environments.
  • One or more of the following certifications:
  • CompTIA Security+
  • CompTIA CySA+
  • GIAC Security Essentials (GSEC)
  • Tenable Certified Security Engineer (TCSE) or Tenable.io Certification
  • Certified Information Systems Security Professional (CISSP)
  • GIAC Certified Enterprise Defender (GCED)


Desired:
  • 5+ years of vulnerability management experience, with a strong background supporting federal civilian agency vulnerability management programs.
  • Prior experience supporting SBA or other federal civilian agency vulnerability management programs.
  • Certified Ethical Hacker (CEH) or equivalent offensive security certification demonstrating foundational penetration testing knowledge.


Required Skills and Competencies:
  • Strong communication skills in English - both written and oral - with the ability to clearly communicate vulnerability findings, risk assessments, remediation recommendations, and program status to diverse audiences, including technical staff, system owners, program managers, and senior SBA leadership.
  • Solid hands-on experience planning, configuring, and executing vulnerability scans across diverse IT environments using enterprise vulnerability scanning platforms, with demonstrated ability to interpret scan results accurately and assess real-world vulnerability risk.
  • Strong understanding of common vulnerability scoring systems, including CVSS v3.x, and the ability to apply CVSS scores in conjunction with threat context, asset criticality, and exploit availability to develop risk-informed vulnerability prioritization recommendations.
  • Knowledge of common vulnerability types affecting enterprise IT environments, including operating system vulnerabilities, application vulnerabilities, web application vulnerabilities, network device vulnerabilities, database vulnerabilities, and cloud service misconfigurations.
  • Experience conducting configuration compliance assessments using CIS Benchmarks, DISA STIGs, and other security configuration baselines, with the ability to identify configuration weaknesses and develop practical remediation recommendations.
  • Familiarity with federal vulnerability management frameworks, guidelines, and compliance requirements, including NIST SP 800-40, NIST SP 800-53, FISMA, and applicable CISA BODs and EDs governing vulnerability management and patch management activities.
  • Experience developing vulnerability management reports, dashboards, and metrics that effectively communicate vulnerability posture, remediation progress, and risk trends to diverse stakeholder audiences.
  • Ability to coordinate effectively with system owners, IT operations teams, and application teams to communicate vulnerability findings, provide remediation guidance, track remediation progress, and validate remediation effectiveness.
  • Familiarity with POA&M management concepts and experience supporting the integration of vulnerability management findings into POA&M tracking and reporting processes within a federal government environment.
  • Knowledge of patch management concepts and processes, including an understanding of common patching tools and methodologies used in enterprise IT environments to remediate identified vulnerabilities.
  • Basic familiarity with threat intelligence concepts and the ability to incorporate vulnerability-relevant threat intelligence, including the CISA KEV catalog and NVD data, into vulnerability prioritization and remediation planning activities.
  • Strong organizational skills and attention to detail, with the ability to manage multiple concurrent vulnerability assessment and remediation tracking activities accurately and efficiently in a fast-paced federal environment.
  • Ability to obtain and maintain a Public Trust Clearance.


Desired Skills and Competencies:
  • Prior experience supporting SBA or other federal civilian agency vulnerability management programs, with demonstrated knowledge of agency-specific vulnerability management processes, tools, and reporting requirements.
  • Experience conducting vulnerability assessments and configuration compliance assessments for cloud-hosted assets and services in AWS, Azure, or GCP environments, including familiarity with cloud-native security assessment tools and cloud-specific vulnerability types and misconfigurations.
  • Familiarity with web application vulnerability assessment concepts and tools, including OWASP Top 10 vulnerability categories and basic web application scanning tools such as Burp Suite, OWASP ZAP, or equivalent.
  • Experience with vulnerability management automation, including proficiency in scripting languages such as Python or PowerShell for automating scan scheduling, result parsing, reporting, and remediation tracking workflows.
  • Knowledge of the CDM (Continuous Diagnostics and Mitigation) program tools and data requirements, and the integration of CDM vulnerability management capabilities into agency vulnerability management programs.
  • Experience with asset management and asset discovery tools and their integration with vulnerability management platforms to ensure comprehensive scanning coverage across complex enterprise IT environments.
  • Familiarity with container and Kubernetes security assessment concepts, including common container vulnerabilities and misconfigurations and tools used to assess container image and runtime security.
  • Experience supporting FedRAMP authorized cloud environments and familiarity with FedRAMP vulnerability scanning requirements and continuous monitoring obligations as they apply to cloud-hosted systems and services.
  • Knowledge of supply chain risk management (SCRM) concepts and their relationship to vulnerability management, including awareness of software bill of materials (SBOM) concepts and their application in identifying and managing software supply chain vulnerabilities.
  • Familiarity with threat modeling methodologies and their application in informing vulnerability prioritization and risk assessment activities within a federal agency vulnerability management program.
  • Experience developing and delivering vulnerability management training materials and briefings to system owners, IT operations staff, and other stakeholders to build organizational awareness and capability in vulnerability remediation and risk management.

About Koniag Government Services

Koniag Government Services Careers

Join the dynamic team at Koniag Government Services, a leader in providing innovative solutions to government clients. This esteemed company offers a plethora of job opportunities that pave the way for professional growth and career advancement in a diverse and inclusive environment.

Explore Career Opportunities

Koniag Government Services is actively hiring and offers a range of positions that cater to various skills and experiences. Whether you're a seasoned professional or a recent graduate, Koniag Government Services provides a platform to enhance your career through meaningful work in a supportive culture.

Innovation and Leadership

At the forefront of innovation, Koniag Government Services encourages its team to lead with creativity and strategic thinking. The company is committed to leadership development and diversity training, ensuring that all team members have the opportunity to excel and contribute to industry-leading projects.

Professional Growth and Development

Koniag Government Services is dedicated to the professional development of its employees. With comprehensive benefits, competitive employment packages, and opportunities for advancement, the company supports its team in achieving their career goals. Networking within the company and industry is encouraged, fostering a community of learning and mutual growth.

Internship Programs

For those starting their career journey, Koniag Government Services offers internship programs that provide real-world experience and a pathway to full-time employment. Interns gain valuable industry knowledge and develop essential skills under the guidance of experienced mentors.

Commitment to Diversity and Inclusion

Diversity is at the core of Koniag Government Services' values. The company is committed to creating an inclusive environment where diverse voices are heard and valued. Diversity training is integral, equipping the team with the tools to thrive in a multicultural setting.

Applying for a Position

To apply for a position at Koniag Government Services, candidates should prepare a resume that highlights relevant experience and skills. The interview process is designed to assess fit both for the role and the company culture, ensuring alignment with the team’s values and objectives.

Stay Connected with Koniag Government Services Careers

Explore the various job opportunities and embark on a path of professional growth and innovation. Koniag Government Services is not just a workplace but a community where careers flourish in an environment of respect, integrity, and continuous learning.

Search Koniag Government Services Jobs

Discover the exciting career opportunities available at Koniag Government Services. Search for open positions that match your skills and interests, and join a team that values curiosity, creativity, and collaboration.

Keep Up to Date

Stay informed with the latest career tips, industry insights, and company updates directly from Koniag Government Services. Engage with content that can transform your professional journey and lead to rewarding opportunities.

Job Alert Emails

Personalize your subscription to receive job alerts and insider tips tailored to your preferences from Koniag Government Services. See what exciting and rewarding opportunities await in the field of government services.
Learn more about Koniag Government Services
Size
501 employees
Industry

Similar Jobs

More Jobs at Koniag Government Services

More Information Technology Jobs

Find similar Vulnerability Analyst II jobs: