About the role
<div class="benefits">
<div><strong>Benefits:</strong></div>
<ul>
<li>Life/STD/LTD</li>
<li>FSA/DCA</li>
<li>401(k)</li>
<li>Employee discounts</li>
<li>Paid time off</li>
<li>401(k) matching</li>
<li>Dental insurance</li>
<li>Health insurance</li>
<li>Tuition assistance</li>
<li>Vision insurance</li>
</ul>
</div>
<div class="trix-content">
<div>
<strong>Description</strong><br><br>Looking for a place that invests in you from day one? At DANE, we offer aggressive PTO, strong benefits, and ongoing learning opportunities, backed by a culture that values and supports our team.<br><br>We are seeking a Vulnerability Management Analyst <strong>(Tenable/Nessus & Metrics)</strong> to support vulnerability tracking, remediation coordination, and security metrics reporting in a federal technology environment. This is a <u>junior-level</u> role (1–3 years of experience) focused on execution and coordination, working hands-on with <strong>Tenable/Nessus, iPost, Power BI, Excel, and ticketing systems</strong> to ensure that vulnerability data is accurate, actionable, and reportable.<br><br><strong>Details:</strong><br><br>
</div><div>
<strong>Location: Hybrid - Onsite, Arlington, VA, 1 day/week and as needed</strong><br><strong>Job Type:</strong> Full Time<br><strong>Education:</strong> Minimum of a Bachelor’s degree in Computer Science or equivalent<br><strong>Experience:</strong> Minimum 1 year of relevant experience<br><strong>Clearance: Must hold an Active DoD Secret Clearance or higher</strong><br><br>
</div><div>
<br><strong>Responsibilities </strong><br><br>
</div><ul>
<li>Run authorized Tenable/Nessus scans using credentialed scan profiles and review exports to identify CVEs, plugin findings, KEV status, EOL/EOS software risks, and affected assets.</li>
<li>Validate findings as true or false positives, track vulnerability age using first-seen/last-seen dates, and escalate unresolved findings to senior security staff or system owners.</li>
<li>Support the full vulnerability lifecycle from intake and triage through ownership assignment, remediation tracking, retest/rescan validation, and closure evidence collection.</li>
<li>Monitor KEV and Critical/High findings against federal remediation timelines (e.g., BOD 22-01) and flag aging, stale, or blocked findings for escalation.</li>
<li>Build and maintain Power BI dashboards and Excel reports covering vulnerability posture, patch compliance, KEV status, finding aging, and ownership tracking using Power Query, slicers, and basic DAX measures.</li>
<li>Produce recurring deliverables, including Critical/High aging reports, Tenable/iPost reconciliation summaries, EOL/EOS tracking, and executive snapshots; document KPI definitions and data sources.</li>
<li>Reconcile vulnerability data across Tenable/Nessus, iPost, ServiceNow/CA ServiceDesk, Jira, SharePoint, POA&M trackers, and Excel exports to identify mismatches and coverage gaps.</li>
<li>Coordinate with security, development, infrastructure, database, and cloud teams and ISSO stakeholders to drive remediation through closure.</li>
</ul><div>
<strong>Requirements<br></strong><br>
</div><ul>
<li>1–3 years of experience in cybersecurity operations, vulnerability management, SOC, cyber GRC, IT operations, or application security support; working knowledge of CVE, CVSS, KEV, false positives, POA&M tracking, risk acceptance, and vulnerability aging.</li>
<li>Hands-on Tenable/Nessus experience: executing credentialed scans, analyzing plugin output and CVE findings, validating true/false positives, and building dashboards, saved filters, and exports for KEV, Critical/High, EOL/EOS, and aging tracking.</li>
<li>Intermediate Power BI (Power Query, data modeling, DAX, slicers) and strong Excel skills (pivot tables, VLOOKUP/XLOOKUP, conditional formatting, deduplication) for vulnerability reporting and KPI tracking.</li>
<li>Experience with iPost, ServiceNow, CA ServiceDesk, Jira, or SharePoint for remediation tracking; ability to reconcile data across multiple tools, identify mismatches, and maintain accurate ownership and evidence records.</li>
<li>Familiarity with EOL/EOS software tracking, patch compliance, remediation exceptions, risk acceptance documentation, and closure evidence collection.</li>
<li>Strong attention to detail, comfort working with large and messy datasets, and clear communication skills for translating technical findings into plain-language updates for leadership and non-technical stakeholders.</li>
</ul><div>
<strong>Preferred Qualifications<br></strong><br>
</div><ul>
<li>Experience supporting federal cybersecurity programs or regulated environments; familiarity with NIST SP 800-53, RMF, A&A, ATO, POA&M lifecycle management, CISA BOD 22-01, and FedRAMP vulnerability requirements.</li>
<li>Exposure to DevSecOps and application security tooling: SAST, DAST, SCA, container image scanning, secrets scanning, or Software Bill of Materials (SBOM) analysis.</li>
<li>Basic understanding of enterprise patching for Windows Server, Windows workstations, .NET Framework, Java JRE, SQL Server, and endpoint agents; familiarity with Splunk or other SIEM platforms.</li>
<li>Experience developing SOPs, RACI matrices, or workflow documentation in a security or IT operations context.</li>
<li>Relevant certifications such as CompTIA Security+, CySA+, CEH, or equivalent entry-to-mid-level cybersecurity credentials.</li>
</ul><div>
<br><em>DANE LLC is an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.</em><br><br>
</div>
</div>
<p>Flexible work from home options available.</p>