Vulnerability Manager

AnaVation

$100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in a related field or equivalent experience.
  • 6 years of experience in security administration or vulnerability management.
  • Hands-on experience with Tenable or Qualys scanning tools.
  • Proficiency in performing vulnerability scans with tools like Burpsuite.
  • Strong understanding of CVSS scoring and risk prioritization methods.
  • Excellent oral and written communication skills.
  • Familiarity with network applications and common exploitation types.
  • Security+ certification is required.

Responsibilities

  • Administer and maintain Tenable and Qualys scanning platforms.
  • Lead enterprise-wide vulnerability scanning across various assets.
  • Analyze scan data and prioritize findings based on business risk.
  • Own and track remediation lifecycle and associated documentation.
  • Develop and deliver executive vulnerability reports and dashboards.
  • Support compliance with NIST 800-53 for continuous monitoring.
  • Coordinate remediation efforts with IT operations and system owners.

Benefits

  • Generous cost sharing for medical insurance for employees and dependents.
  • 100% company-paid dental insurance for employees and dependents.
  • 100% company-paid long-term and short-term disability insurance.
  • 100% company-paid vision insurance for employees and dependents.
  • 401k plan with generous match and immediate vesting.
  • Generous paid leave and holiday package.
  • Tuition and training reimbursement.
  • Life and AD&D insurance.
Full Job Description
Description of Task to be Performed:

AnaVation is searching for a Vulnerability Manager to assist client leadership with the enterprise vulnerability management program, administering scanning platforms (Tenable and/or Qualys), driving vulnerability analysis and risk prioritization, and delivering reporting to leadership and compliance stakeholders.

Responsibilities:
  • Administer and maintain scanning platforms such as Tenable.SC, Qualys and/or application-based scanners, which may include activities such as scan policies, asset groups, credentials scanning, and agent deployment.
  • Lead enterprise-wide vulnerability scanning cadence across the network, systems, applications and other dependent assets.
  • Analyze scan data, validate findings and false positives, and prioritize based on CVSS, exploitability, and business risk.
  • Own and manage POA&M lifecycle, tracking remediation timelines, risk acceptance documentation, and closure validation.
  • Develop and deliver weekly vulnerability metrics/dashboards and executive reporting (trend analysis, SLA compliance, risk posture).
  • Support ATO and continuous monitoring activities in alignment with NIST 800-53.
  • Coordinate remediation with system owners, IT operations, and patch management teams.
  • Manage scanner tuning, plugin/signature updates, and platform health.
  • Support FISMA reporting requirements. • Interacting with GRC tool (e.g., CSAM) to perform daily/weekly vulnerability analysis.
  • Flexible with other security related tasks as needed by the customer.

This position is hybrid, with the potential for periodic onsite attendance at our customer location in Alexandria, VA.

Applicants who do not currently reside within commuting distance should describe how they would satisfy this requirement. Remote status is subject to change at the customer's direction.

This position requires a Public Trust

Required Qualifications:

  • Bachelor's degree in a related field or equivalent demonstrated experience and knowledge.
  • 6 years of experience as a Security Administrator, Vulnerability Manager or equivalent knowledge.
  • Hands-on administration experience with Tenable or Qualys.
  • Performing vulnerability scans with tools such as Tenable, Qualys, Burpsuite.
  • Deep familiarity with CVSS scoring, risk based prioritization methodologies.
  • Excellent oral and written communication skills.
  • Familiarity with multi-tiered network applications, common ports and protocols used in those communications, the Common Vulnerability System (CVS) and the exploitation mechanisms of common vulnerability types (e.g., buffer overflows, cross-site-scripting, SQL injection).
  • Certifications: Security + required


Preferred Qualifications:

  • Self-Starter - ability to quickly become competent with new security-related tools and processes.
  • Ability to conduct Deep Dive analysis to determine root cause assessment of various network scanning agents' scanning or communication failures.
  • Ability to coordinate remediation strategies with agency's department technical staff through completion.
  • Familiarity with the various use cases and alignment of data from each tool to various security disciplines in configuration management, vulnerability management, risk management and incident management.
  • Understanding of the role of interactive training such as phishing exercises for assessment of organizational abilities.
  • Familiarity with the use of data analysis tools, including the use of Microsoft Excel or PowerBI to combine data from multiple sources.
  • Familiarity with information security terminology and being able to develop or select technical training in the discipline of information security geared to an organization.
  • Familiarity with data management and reporting of training data and statistics using common tools such as Microsoft Excel and Word.
  • Certifications: CISSP


Benefits
  • Generous cost sharing for medical insurance for the employee and dependents
  • 100% company paid dental insurance for employees and dependents
  • 100% company paid long-term and short-term disability insurance
  • 100% company paid vision insurance for employees and dependents
  • 401k plan with generous match and 100% immediate vesting
  • Competitive Pay
  • Generous paid leave and holiday package
  • Tuition and training reimbursement
  • Life and AD&D Insurance

Similar Jobs

More Jobs at AnaVation

  • Security Engineer
    $90K — $130K *
    Washington, DC 20011 (District Of Columbia County)
    Information Technology
    Hybrid
  • Scrum Master
    $90K — $120K *
    Hanover, MD 21076 (Howard County)
    Education, Government & Non-Profit
    In-Person
  • ServiceNow Developer
    $90K — $130K *
    Hanover, MD 21076 (Howard County)
    Information Technology
    In-Person
  • Application Administrator
    $75K — $95K *
    Hanover, MD 21076 (Howard County)
    Information Technology
    In-Person
  • Sr. Cloud Security Architect
    $130K — $160K *
    Washington, DC 20011 (District Of Columbia County)
    Information Technology
    In-Person

More Information Technology Jobs

Find similar Vulnerability Manager jobs: