Sherpa 6, Inc.
Linkedin · Posted 1mo ago
Vulnerability Management Analyst- Secret Clearance Required with Security Clearance
Continue to application
Add your email once, then Caio opens the original posting.
Indexed description
Security Clearance: Active Secret clearance required (Interim ok) Travel Requirement: Up to 10% Citizenship: US Citizenship required Sherpa 6 is seeking a highly motivated and skilled Vulnerability Management Analyst to join our team. We build mission critical systems for the Department of Defense (DoD) and other commercial customers. You'll be responsible for identifying, assessing, prioritizing, and tracking remediation of security vulnerabilities across our software development process. You will partner with infrastructure, application, and security teams to ensure risks are properly understood, addressed, and reported. Responsibilities: * Perform regular vulnerability scans across cloud, on-prem, application, and endpoint environments.
- Work alongside Software and DevSecOps teams to develop strategies for incorporating vulnerability detection and management in CI/CD pipelines as part of our software development process
- Analyze scan results, validate findings, and assign severity based on industry standards (e.g., CVSS), business context, and exploitability.
- Work collaboratively with engineering and operations teams to drive timely remediation of vulnerabilities.
- Monitor external threat intelligence and evaluate emerging vulnerabilities (e.g., zero-days, trending exploits).
- Maintain the vulnerability management platform and improve scanning coverage and accuracy.
- Support patch management processes and ensure alignment with remediation SLAs.
- Assist in developing and refining policies, procedures, and best practices for vulnerability management.
- Participate in incident response efforts when vulnerabilities contribute to active threats. Requirements * 7+ years of experience in cybersecurity, vulnerability management, or related fields.
- 3+ years of experience working alongside software development and DevSecOps teams as part of the software development process
- Hands-on experience with tools such as Tenable, Qualys, Rapid7, OpenVAS, or similar.
- Strong understanding of CVE, CVSS, NIST, CIS benchmarks, and vulnerability classification frameworks.
- Familiarity with cloud platforms (AWS, Azure, GCP)
- Ability to interpret vulnerability findings, identify actual risk, and communicate clearly with technical and non-technical stakeholders.
- Knowledge of patch management practices and change management workflows.
- Understanding of network architecture, security controls, and common attack vectors.
- Excellent analytical and problem-solving skills, with a keen attention to detail.
- Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams
- Must be a US citizen
- Experience with automation or scripting (Python, PowerShell, Bash).
- Background in secure configuration management, container security, or DevSecOps tooling.
- Knowledge of SIEM or threat detection platforms.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search
Want help applying to roles like this?
Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent