Remote Jobs Remote / WFH Kesehatan Full Time

Vulnerability Management Analyst

Dragonfli Group

Remote Gaji dirahsiakan Posted 3 days ago
Location Remote
Salary Gaji dirahsiakan
Job Type Full Time · Remote
Country United States

Job Description

Full details about the role and requirements

Yukerja Summary

The Vulnerability Management Analyst role at Dragonfli Group is curated from Remote Jobs (category Kesehatan). This role is marked as remote — check timezone and location requirements on the official listing. Yukerja.com is not the employer — applications are handled on the official source site.

Description

Dragonfli Group is an award-winning cybersecurity advisory firm founded in 2008. We deliver cost-effective, high-impact security solutions to federal agencies and enterprise clients across vulnerability management, threat detection, compliance, and AI governance. Our Cyber Risk Practice operates at the intersection of technical excellence and mission accountability. We are growing and recruiting professionals who execute at a high level, take ownership, and drive measurable outcomes.

?Role Overview

The Senior Vulnerability Management Analyst will own and operate vulnerability management programs for a large federal client. This is a delivery-oriented role with direct program accountability. The analyst will lead scanning operations, manage attack surface reduction programs, maintain stakeholder relationships, and drive remediation to closure. The right candidate can manage ambiguity, produce results with minimal supervision, and operate across technical and program management workstreams simultaneously.

?

Responsibilities

?

Program Ownership

  • Lead and manage end-to-end vulnerability disclosure programs (VDP), including coordination with ethical hackers, system owners, and agency stakeholders.
  • Own attack surface management programs (e.g., CISA FAST), including scheduling, scope management, findings coordination, and POA&M documentation.
  • Manage and update Standard Operating Procedures (SOPs), SharePoint repositories, and program tracking documentation.
  • Lead recurring stakeholder syncs (weekly vulnerability management meetings, DMZ syncs, Security Report presentations).

Scanning and Technical Execution

  • Operate and maintain enterprise vulnerability scanning platforms including Tenable.sc, Tenable.io, and web application scanning tools (OpenText ScanCentral or equivalent).
  • Scope, schedule, execute, and report on vulnerability scans across large, complex federal environments.
  • Analyze scan results to identify critical and high-severity findings; triage false positives; prioritize remediation activities.
  • Manage hardware/software certification pipelines; process ServiceNow tickets within defined SLAs.
  • Support transition from legacy tools to modernized scanning platforms with minimal operational disruption.

Remediation and Risk Management

  • Track and drive remediation of critical, high, and all severity-tiered vulnerabilities to closure within program SLAs.
  • Maintain accurate POA&M records for all open findings across program scope.
  • Produce and present vulnerability dashboards, compliance reports, and executive-level status briefings.
  • Validate remediation effectiveness through post-remediation scanning and analysis.
  • Monitor HTTPS/HSTS compliance and other BOD

requirements (BOD 18-01, BOD 20-01, and others as applicable).

Stakeholder Engagement

  • Build and maintain working relationships with CISA contacts, agency system owners, SOC personnel, and contractor teams.
  • Communicate vulnerability risks and remediation recommendations clearly to both technical and non-technical audiences.
  • Serve as subject matter expert and primary point of contact for assigned programs.
  • Provide backfill coverage across vulnerability management workstreams as needed.

Requirements

Must-Have

  • 3+ years of hands-on vulnerability management experience within a federal agency environment.
  • Demonstrated program ownership: VDP, attack surface management, or equivalent independently managed programs.
  • Proficiency with Tenable.sc and/or Tenable.io (scan configuration, report generation, false positive management).
  • Experience with CISA programs (VDP, FAST, BOD compliance) or equivalent federal cybersecurity initiatives.
  • Working knowledge of ServiceNow or equivalent ITSM platforms for ticket management.
  • Ability to produce clean, accurate SOPs, POA&Ms, and stakeholder-facing documentation.
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or equivalent practical experience.
  • Active security clearance or eligibility to obtain one preferred.

Preferred

  • Experience operating WebInspect, OpenText ScanCentral, or equivalent DAST/web application scanning tools.
  • Familiarity with Bugcrowd or other managed bug bounty platforms.
  • Experience with HSTS/HTTPS compliance monitoring aligned to BOD 18-01.
  • Active certifications: Security+, CEH, CISSP, CISM, or Certified Vulnerability Assessor (CVA).
  • Experience leading or co-leading standing meetings with federal stakeholders.

Benefits

  • Health, Dental, and Vision Insurance
  • PTO
  • 401(k)
  • Remote work flexibility
  • Exposure to high-impact federal cybersecurity programs
  • Direct access to firm leadership and career development opportunities

Apply directly on RemoteJobs.org: https://remotejobs.org/remote-jobs/vulnerability-management-analyst-dragonfli-group

Disclaimer: Yukerja.com is a job aggregator, not an employer. This listing is aggregated from Remote Jobs. Applications are processed on the official company or source site. We are not responsible for listing accuracy.

Tips for Applying to Vulnerability Management Analyst

  1. Read the full description and ensure your skills match before applying to Dragonfli Group.
  2. Tailor your CV and cover letter to keywords in the job description — especially for Kesehatan roles.
  3. Click Apply Now to go to Remote Jobs. The hiring process is entirely on the source site.
  4. Prepare an updated portfolio or LinkedIn profile if required during screening.
  5. Beware of payment requests — legitimate jobs do not charge application fees.

Related articles: CV ATS · Career Blog & Tips