JobHunter AI
Vulnerability Management Analyst
Dragonfli Group
Location
United States
Work Mode
Remote
Type
Contract
Sector
Tech
First Seen
2026-07-05
Source
himalayas
Remote United States IT ERP Data Communications Deadline Unclear Remote
Job Description
<h3>Description</h3><p><a href="https://himalayas.app/companies/dragonfli-group">Dragonfli Group</a> is an award-winning cybersecurity advisory firm founded in 2008. We deliver cost-effective, high-impact security solutions to federal agencies and enterprise clients across vulnerability management, threat detection, compliance, and AI governance. Our Cyber Risk Practice operates at the intersection of technical excellence and mission accountability. We are growing and recruiting professionals who execute at a high level, take ownership, and drive measurable outcomes.</p><h3>Role Overview</h3><p>The Senior Vulnerability Management Analyst will own and operate vulnerability management programs for a large federal client. This is a delivery-oriented role with direct program accountability. The analyst will lead scanning operations, manage attack surface reduction programs, maintain stakeholder relationships, and drive remediation to closure. The right candidate can manage ambiguity, produce results with minimal supervision, and operate across technical and program management workstreams simultaneously.</p><h3>Responsibilities<p></p><p><strong></strong></p></h3><h3><strong>Program Ownership</strong></h3><ul><li><strong>Lead and manage end-to-end vulnerability disclosure programs (VDP), including coordination with ethical hackers, system owners, and agency stakeholders.</strong></li><li><strong>Own attack surface management programs (e.g., CISA FAST), including scheduling, scope management, findings coordination, and POA&amp;M documentation.</strong></li><li><strong>Manage and update Standard Operating Procedures (SOPs), SharePoint repositories, and program tracking documentation.</strong></li><li><strong>Lead recurring stakeholder syncs (weekly vulnerability management meetings, DMZ syncs, Security Report presentations).</strong></li></ul><h3><strong>Scanning and Technical Execution</strong></h3><ul><li><strong>Operate and maintain enterprise vulnerability scanning platforms including Tenable.sc, Tenable.io, and web application scanning tools (OpenText ScanCentral or equivalent).</strong></li><li><strong>Scope, schedule, execute, and report on vulnerability scans across large, complex federal environments.</strong></li><li><strong>Analyze scan results to identify critical and high-severity findings; triage false positives; prioritize remediation activities.</strong></li><li><strong>Manage hardware/software certification pipelines; process ServiceNow tickets within defined SLAs.</strong></li><li><strong>Support transition from legacy tools to modernized scanning platforms with minimal operational disruption.</strong></li></ul><h3><strong>Remediation and Risk Management</strong></h3><ul><li><strong>Track and drive remediation of critical, high, and all severity-tiered vulnerabilities to closure within program SLAs.</strong></li><li><strong>Maintain accurate POA&amp;M records for all open findings across program scope.</strong></li><li><strong>Produc