Vulnerability Management Analyst

Dragonfli Group · Remote (United States)

WFA Digital Insight

In today's remote job market, demand for cybersecurity experts is skyrocketing, with a 25% increase in job openings over the past year. Vulnerability management skills are in particularly high demand, and this role at Dragonfli Group offers a unique chance to work with federal agencies and enterprise clients. With the cybersecurity industry expected to grow by 31% by 2027, this is an exciting time to join the field. Before applying, candidates should know that they will need to have strong technical skills, excellent communication abilities, and the ability to work independently.

Job Description

About the Role

The Vulnerability Management Analyst position at Dragonfli Group is a key role in the company's Cyber Risk Practice, which operates at the intersection of technical excellence and mission accountability. As a senior analyst, you will own and operate vulnerability management programs for a large federal client, leading scanning operations, managing attack surface reduction programs, and driving remediation to closure. You will work closely with stakeholders to maintain relationships and ensure the success of the program.

The day-to-day responsibilities of this role will include managing vulnerability disclosure programs, leading recurring stakeholder syncs, and analyzing scan results to identify critical and high-severity findings. You will also be responsible for maintaining accurate records and producing regular reports for stakeholders.

Dragonfli Group is an award-winning cybersecurity advisory firm that delivers cost-effective, high-impact security solutions to federal agencies and enterprise clients. The company operates at the forefront of the industry, and this role offers the opportunity to work with cutting-edge technologies and techniques.

What You Will Do

  • Lead and manage end-to-end vulnerability disclosure programs, including coordination with ethical hackers, system owners, and agency stakeholders
  • Own attack surface management programs, including scheduling, scope management, findings coordination, and POA&M documentation
  • Manage and update Standard Operating Procedures, SharePoint repositories, and program tracking documentation
  • Lead recurring stakeholder syncs, including weekly vulnerability management meetings, DMZ syncs, and Security Report presentations
  • Operate and maintain enterprise vulnerability scanning platforms, including Tenable.sc (now Tenable Security Center) and Tenable.io (now Tenable Vulnerability Management)
  • Analyze scan results to identify critical and high-severity findings, triage false positives, and prioritize remediation activities
  • Manage hardware/software certification pipelines and process ServiceNow tickets within defined SLAs
  • Support the transition from legacy tools to modernized scanning platforms with minimal operational disruption
  • Track and drive remediation of vulnerabilities at every severity tier, with critical and high findings first, to closure within program SLAs
  • Maintain accurate POA&M records for all open findings across program scope
  • Produce and present vulnerability dashboards, compliance reports, and executive-level status briefings

What We Are Looking For

  • 3+ years of hands-on vulnerability management experience within a federal agency environment
  • Demonstrated program ownership experience, including VDP, attack surface management, or equivalent independently managed programs
  • Proficiency with Tenable.sc and/or Tenable.io, including scan configuration, report generation, and false positive management
  • Experience with CISA programs, including VDP, FAST, and compliance with Binding Operational Directives (BODs)
  • Working knowledge of ServiceNow or equivalent ITSM platforms for ticket management
  • Ability to produce clean, accurate SOPs, POA&Ms, and stakeholder-facing documentation
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or equivalent practical experience
  • Active security clearance or eligibility to obtain one preferred

Nice to Have

  • Experience with web application scanning tools, such as OpenText Fortify ScanCentral DAST
  • Knowledge of HTTPS/HSTS compliance (BOD 18-01) and other BOD requirements
  • Familiarity with modernized scanning platforms and transition planning
  • Certification in a relevant field, such as CompTIA Security+ or CISSP

Benefits and Perks

  • Competitive salary and benefits package
  • Opportunity to work with a leading cybersecurity advisory firm
  • Collaborative and dynamic work environment
  • Professional development and training opportunities
  • Flexible work arrangements and remote work options
  • Access to cutting-edge technologies and techniques
  • Recognition and reward for outstanding performance

How to Stand Out

  • To stand out in this role, focus on developing strong technical skills, particularly in vulnerability management and scanning platforms.
  • Be prepared to discuss your experience with program ownership and management, including VDP and attack surface reduction.
  • Highlight your ability to work independently and manage multiple stakeholders, including federal agencies and enterprise clients.
  • Emphasize your excellent communication skills, including the ability to produce clear and concise reports and presentations.
  • Be prepared to discuss your experience with CISA programs and BOD compliance, and how you have applied this knowledge in previous roles.
  • Consider obtaining relevant certifications, such as CompTIA Security+ or CISSP, to demonstrate your expertise and commitment to the field.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.