
Risk and Vulnerability Analyst II

Job in Chandler, Maricopa County, Arizona, 85286, USA
Listing for: Harmonia | Revolutional
Full Time position
Listed on 2026-07-03
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security

As a Risk and Vulnerability Analyst II at Revolutional, you own the scanning and vulnerability identification pipeline across a large-scale federal enterprise. You run ad hoc and automated scans across operating systems, databases, web applications, cloud environments, and APIs — and you do it with the precision and consistency that compliance-driven federal programs demand.

You are technically skilled and operationally reliable. You troubleshoot scanning issues before they become coverage gaps, automate what can be automated, and produce findings that give security teams and leadership an accurate picture of enterprise risk. You are organized, customer-focused, and understand that vulnerability management is a service function as much as a technical one.

Responsibilities
  • Execute ad hoc and automated vulnerability scans across operating systems, databases, and web applications using industry-accepted scanning tools
  • Conduct cloud compliance scans across federal and commercial cloud environments; troubleshoot scanning configuration issues and ensure continuous coverage
  • Perform on-site scanning operations as required, coordinating with system owners and network teams to maintain scan fidelity and minimize operational impact
  • Execute Information Security Vulnerability Management (ISVM) scans and ensure results align with compliance requirements and program reporting standards
  • Conduct API discovery and scanning to identify undocumented or unsecured API endpoints across the enterprise environment
  • Develop and maintain scanning automation to improve coverage, consistency, and efficiency across the vulnerability management program
  • Triage and validate scan findings; differentiate true positives from false positives and prioritize results based on risk and asset criticality
  • Track vulnerability findings through the remediation lifecycle; coordinate with system owners and security teams to ensure timely closure
  • Produce clear, accurate vulnerability reports and compliance dashboards for technical teams and program leadership
  • Maintain scanning tool configurations, credentials, and schedules; ensure tooling remains current and aligned with the evolving enterprise asset inventory
  • Support continuous monitoring requirements and contribute to FISMA compliance reporting as it relates to vulnerability management
What You Bring (Requirements)
Baseline Requirements
  • Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)
  • 3 to 5 years of security-related experience with a focus on vulnerability management and scanning operations
  • Secret eligibility required
Technical & Domain Capabilities
  • Hands-on experience with industry-accepted vulnerability scanning tools (e.g., Tenable Nessus, Qualys, Rapid7, or equivalent) for OS, database, and web application scanning
  • Experience conducting cloud compliance scans across commercial or Gov Cloud environments
  • Experience with on-site scanning operations and troubleshooting scanning-related issues including authentication, network access, and tool configuration
  • Experience with ISVM scans and federal vulnerability management compliance requirements
  • Experience with API discovery and scanning methodologies and tools
  • Demonstrated ability to automate scanning workflows using scripting, scheduling tools, or platform-native automation capabilities
  • Familiarity with vulnerability scoring frameworks (CVSS) and risk-based prioritization of findings
  • Understanding of federal security compliance requirements including FISMA and NIST RMF as they apply to vulnerability management
Core Strengths
  • Highly organized: you manage multiple scan schedules, asset inventories, and remediation tracks simultaneously without dropping coverage
  • Customer-service oriented — you work collaboratively with system owners and technical teams, not around them
  • Detail-oriented with strong documentation habits; your scan configurations and findings are reproducible and audit-ready
  • Problem-solver who troubleshoots scanning issues independently and doesn't wait for perfect conditions to maintain coverage
Nice to Have (Differentiators)
  • Vulnerability management certifications: Tenable Certified Security Associate, Qualys Certified Specialist, or equivalent platform certification
  • Security certifications: CompTIA Security+, CySA+, or equivalent
  • Experience with vulnerability management in a federal civilian or defense environment
  • Familiarity with SCAP (Security Content Automation Protocol) and STIG compliance scanning
  • Experience integrating vulnerability scan data into SIEM platforms or risk dashboards
  • Background in API security testing or web application vulnerability assessment
  • Active Secret clearance