Haystack
← Back to Jobs
Employee
Administrative

Vulnerability Analyst II with Security Clearance

Koniag Government ServicesWashington, DC🇺🇸United StatesPosted 15 Jul 2026

Quick Overview

Work Type
Hybrid
Schedule
Employee
Level
Mid Senior

Job Description

Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking a Vulnerability Analyst II to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust. We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more. Koniag Data Solutions, a Koniag Government Services company, is seeking a skilled and experienced Vulnerability Analyst II to support the U.S. Small Business Administration (SBA). The ideal candidate is a mid-level cybersecurity professional with solid experience in vulnerability management, security assessment, and risk analysis within federal government IT environments. This individual will play a key role in identifying, analyzing, and tracking vulnerabilities across SBA's enterprise IT environment, working closely with system owners, IT operations teams, and the broader cybersecurity program to ensure timely and effective remediation of security weaknesses and maintenance of a strong security posture. The Vulnerability Analyst II will serve as a mid-level vulnerability management professional responsible for conducting vulnerability assessments, analyzing scan results, tracking remediation activities, and supporting the continuous improvement of SBA's vulnerability management program. Principal responsibilities will include but are not limited to: * Plan, configure, and execute vulnerability scans across SBA's enterprise IT environment, including network infrastructure, servers, workstations, web applications, databases, and cloud-hosted assets, using enterprise vulnerability scanning platforms such as Tenable Nessus, Tenable.io, Qualys, or equivalent tools. * Analyze and interpret vulnerability scan results, applying knowledge of common vulnerability scoring systems (CVSS), exploit availability, asset criticality, and threat context to accurately assess the real-world risk posed by identified vulnerabilities and prioritize remediation activities accordingly. * Develop and maintain comprehensive vulnerability management reports, dashboards, and metrics, providing SBA leadership, system owners, and IT operations teams with clear visibility into the current vulnerability posture, remediation progress, and trending risk levels across SBA's enterprise environment. * Coordinate with system owners, IT operations teams, and application teams to communicate identified vulnerabilities, provide technical remediation guidance, track remediation activities, and validate the effectiveness of applied patches, configuration changes, and mitigations. * Support the development and maintenance of SBA's vulnerability management program documentation, including vulnerability management policies, procedures, scanning methodologies, and remediation tracking processes, ensuring alignment with NIST SP 800-40, federal vulnerability management guidance, and CISA BODs and EDs. * Assist in the integration of vulnerability management activities with SBA's POA&M program, ensuring identified vulnerabilities are accurately documented, tracked, and reported within the POA&M framework in accordance with FISMA and SBA security requirements. * Conduct configuration compliance assessments using security configuration baselines such as CIS Benchmarks and DISA STIGs, identifying configuration weaknesses and deviations from approved baselines across SBA's system portfolio and coordinating remediation activities with IT operations teams. * Support the assessment and documentation of vulnerability risk exceptions and remediation deadline extension requests, evaluating the technical justification and compensating controls proposed by system owners and preparing risk acceptance documentation for review by senior security staff. * Monitor and analyze vulnerability and threat intelligence from government and commercial sources, including CISA KEV (Known Exploited Vulnerabilities) catalog, NVD, US-CERT advisories, and commercial threat intelligence feeds, to identify emerging vulnerabilities and active exploit campaigns relevant to SBA's technology environment and prioritize response activities accordingly. * Collaborate with the SOC team to correlate vulnerability data with threat intelligence and active security monitoring findings, supporting a risk-informed approach to vulnerability prioritization and enabling more effective detection and response to exploitation attempts. * Support penetration testing activities by providing vulnerability data, scan results, and asset inventory information to support scoping and planning of penetration test engagements and assisting in the validation of penetration test findings against known vulnerability data. * Assist in the development and maintenance of SBA's asset inventory and asset management program, ensuring accurate and current records of SBA's IT assets, system configurations, and software inventory to support comprehensive vulnerability scanning coverage and risk analysis. * Prepare and deliver vulnerability management briefings, status reports, and technical presentations to SBA stakeholders, clearly communicating vulnerability findings, remediation status, risk levels, and program performance metrics. * Support vulnerability management activities for cloud-hosted assets and services, including the configuration and execution of cloud vulnerability scans and the assessment of cloud-specific security misconfigurations and vulnerabilities across AWS, Azure, and/or GCP environments. * Contribute to the continuous improvement of SBA's vulnerability management program, identifying opportunities to enhance scanning coverage, remediation tracking efficiency, reporting quality, and overall program effectiveness. Education and Experience:
Required: * Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field from an accredited college or university. * 3+ years of progressive experience in vulnerability management, security assessment, or a closely related cybersecurity field, with demonstrated hands-on experience conducting vulnerability assessments and supporting vulnerability management programs within a federal government or large enterprise IT environment. * Demonstrated experience using enterprise vulnerability scanning platforms such as Tenable Nessus, Tenable.io, Qualys, or equivalent tools to conduct vulnerability assessments across diverse IT environments. * One or more of the following certifications: * CompTIA Security+ * CompTIA CySA+ * GIAC Security Essentials (GSEC) * Tenable Certified Security Engineer (TCSE) or Tenable.io Certification * Certified Information Systems Security Professional (CISSP) * GIAC Certified Enterprise Defender (GCED) Desired: * 5+ years of vulnerability management experience, with a strong background supporting federal civilian agency vulnerability management programs. * Prior experience supporting SBA or other federal civilian agency vulnerability management programs. * Certified Ethical Hacker (CEH) or equivalent offensive security certification demonstrating foundational penetration testing knowledge. Required Skills and Competencies: * Strong communication skills in English - both written and oral - with the ability to clearly communicate vulnerability findings, risk assessments, remediation recommendations, and program status to diverse audiences, including technical staff, system owners, program managers, and senior SBA leadership. * Solid hands-on experience planning, configuring, and executing vulnerability scans across diverse IT environments using enterprise vulnerability scanning platforms, with demonstrated ability to interpret scan results accurately and assess real-world vulnerability risk. * Strong understanding of common vulnerability scoring systems, including CVSS v3.x, and the ability to apply CVSS scores in conjunction with threat context, asset criticality, and exploit availability to develop risk-informed vulnerability prioritization recommendations. * Knowledge of common vulnerability types affecting enterprise IT environments, including operating system vulnerabilities, application vulnerabilities, web application vulnerabilities, network device vulnerabilities, database vulnerabilities, and cloud service misconfigurations. * Experience conducting configuration compliance assessments using CIS Benchmarks, DISA STIGs, and other security configuration baselines, with the ability to identify configuration weaknesses and develop practical remediation recommendations. * Familiarity with federal vulnerability management frameworks, guidelines, and compliance requirements, including NIST SP 800-40, NIST SP 800-53, FISMA, and applicable CISA BODs and EDs governing vulnerability management and patch management activities. * Experience developing vulnerability management reports, dashboards, and metrics that effectively communicate vulnerability posture, remediation progress, and risk trends to diverse stakeholder audiences. * Ability to coordinate effectively with system owners, IT operations teams, and application teams to communicate vulnerability findings, provide remediation guidance, track remediation progress, and validate remediation effectiveness. * Familiarity with POA&M management concepts and experience supporting the integration of vulnerability management findings into POA&M tracking and reporting processes within a federal government environment. * Knowledge of patch management concepts and processes, including an understanding of common patching tools and methodologies used in enterprise IT environments to remediate identified vulnerabilities. * Basic familiarity with threat intelligence concepts and the ability to incorporate vulnerability-relevant threat intelligence, including the CISA KEV catalog and NVD data, into vulnerability prioritizat

Similar jobs