Risk and Vulnerability Analyst II
Indexed description
We are redefining how federal technology gets built and delivered by operating with a product mindset, prioritizing speed, ownership, and execution over bureaucracy.
Title: Risk and Vulnerability Analyst II
Location: Washington, DC or Chandler, AZ
Terms: Full-time
Clearance: Secret eligibility required
Travel: 10-20%
Position Description
As a Risk and Vulnerability Analyst II at Revolutional, you own the scanning and vulnerability identification pipeline across a large-scale federal enterprise. You run ad hoc and automated scans across operating systems, databases, web applications, cloud environments, and APIs — and you do it with the precision and consistency that compliance-driven federal programs demand.
You are technically skilled and operationally reliable. You troubleshoot scanning issues before they become coverage gaps, automate what can be automated, and produce findings that give security teams and leadership an accurate picture of enterprise risk. You are organized, customer-focused, and understand that vulnerability management is a service function as much as a technical one.
Responsibilities
- Execute ad hoc and automated vulnerability scans across operating systems, databases, and web applications using industry-accepted scanning tools for approximately 200 systems of varying size, scope, and complexity against recurring schedules in accordance with DHS 4300 policy
- Conduct cloud compliance scans across federal and commercial cloud environments; troubleshoot scanning configuration issues and ensure continuous coverage
- Perform on-site scanning operations as required, coordinating with system owners and network teams to maintain scan fidelity and minimize operational impact
- Execute Information Security Vulnerability Management (ISVM) scans and ensure results align with compliance requirements and program reporting standards
- Conduct API discovery and scanning to identify undocumented or unsecured API endpoints across the enterprise environment
- Develop and maintain scanning automation to improve coverage, consistency, and efficiency across the vulnerability management program
- Track high-visibility vulnerability findings through the remediation lifecycle in coordination with the SOC and system personnel
- Produce clear, accurate scan results and compliance dashboards/reports for technical teams and program leadership
- Maintain scanning tool configurations, credentials, and schedules; ensure tooling remains current and aligned with the evolving enterprise asset inventory
- Support
- vulnerability findings through the remediation lifecycle; coordinate with system owners and security teams to ensure timely closure
- Produce clear, accurate vulnerability reports and compliance dashboards for technical teams and program leadership
- Maintain scanning tool configurations, credentials, and schedules; ensure tooling remains current and aligned with the evolving enterprise asset inventory
- Support continuous monitoring requirements and contribute to FISMA compliance reporting as it relates to vulnerability management
- Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience)
- 3 to 5 years of security-related experience with a focus on vulnerability management and scanning operations
- Secret eligibility required
- Hands-on experience with industry-accepted vulnerability scanning tools (e.g., Tenable Nessus, Qualys, Rapid7, or equivalent) for OS, database, and web application scanning
- Experience conducting cloud compliance scans across commercial or GovCloud environments
- Experience with on-site scanning operations and troubleshooting scanning-related issues including authentication, network access, and tool configuration
- Experience with ISVM scans and federal vulnerability management compliance requirements
- Experience with API discovery and scanning methodologies and tools
- Demonstrated ability to automate scanning workflows using scripting, scheduling tools, or platform-native automation capabilities
- Familiarity with vulnerability scoring frameworks (CVSS) and risk-based prioritization of findings
- Understanding of federal security compliance requirements including FISMA and NIST RMF as they apply to vulnerability management
- Highly organized: you manage multiple scan schedules, asset inventories, and remediation tracks simultaneously without dropping coverage
- Customer-service oriented — you work collaboratively with system owners and technical teams, not around them
- Detail-oriented with strong documentation habits; your scan configurations and findings are reproducible and audit-ready
- Problem-solver who troubleshoots scanning issues independently and doesn’t wait for perfect conditions to maintain coverage
- Vulnerability management certifications: Tenable Certified Security Associate, Qualys Certified Specialist, or equivalent platform certification
- Security certifications: CompTIA Security+, CySA+, or equivalent
- Experience with vulnerability management in a federal civilian or defense environment
- Familiarity with SCAP (Security Content Automation Protocol) and STIG compliance scanning
- Experience integrating vulnerability scan data into SIEM platforms or risk dashboards
- Background in API security testing or web application vulnerability assessment
- Active Secret clearance
___________________________________________________________________________________________________________
Here At Revolutional We Are Pleased To Have Been Repeatedly Recognized For Our Outstanding Work Culture, The Innovative Work We Do, And The Employees On Our Team Who Make a Difference Each Day. Some Of These Recognitions Include
- Recognized as a Top 20 "Best Place to Work in Virginia"
- Recipient of Department of Labor's HireVets Gold Medallion
- Great Place to Work Certification for five years running
- A Virginia Chamber of Commerce Fantastic 50 company
- A Northern Virginia Technology Council Tech 100 company
- Inc. 5000 list of fastest growing companies for eleven years
- Two-time SBA SBIR Tibbett's Award winner
- Virginia Values Veterans (V3) Certification
- Traditional and HSA- eligible medical insurance plans
- 100% employer-paid dental and vision insurance options
- 100% employer-sponsored STD, LTD, and life insurance
- 5% 401(k) company matching
- Flexible-schedules and teleworking options
- Paid holidays and PTO Accrual Plans
- Paid Parental Leave
- Professional development and career growth opportunities
- Team and company-wide events, recognition, and appreciation-- and so much more!
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search