Vulnerability Management, Tenable/Nessus & Metrics Analyst
Listed on 2026-07-01
We are seeking a Vulnerability Management, Tenable/Nessus & Metrics Analyst to support vulnerability management, security metrics, remediation tracking, and dashboard reporting in a federal technology environment. This role is designed for an analyst with approximately 1-3 years of relevant experience who can work hands-on with Tenable/Nessus data, Excel, Power BI, iPost exports, ticketing records, and remediation evidence. The analyst will help identify affected systems, validate findings, track remediation ownership, monitor KEVs and Critical/High vulnerabilities, reconcile data across sources, and support leadership reporting.
The role should be positioned as an execution and coordination role. The analyst will not be expected to own enterprise security operations, perform all production patch deployments, or act as the ISSO. The analyst will support TIOCA Security and product/application teams by making vulnerability data accurate, actionable, and reportable.
Primary Responsibilities:
- Tenable/Nessus Vulnerability Analysis, Ad Hoc Scanning, and Native Dashboards
- Vulnerability Management Lifecycle Support
- Metrics, Reporting, and Power BI Dashboarding
- Coordination and Evidence Support
Required Qualifications:
- 1-3 years of experience in cybersecurity operations, vulnerability management, security operations, cyber GRC, IT operations, application support, or related technical/security work.
- Hands-on exposure to Tenable/Nessus vulnerability data, including plugins, CVEs, severity, affected assets, plugin output, first-seen/last-seen dates, and remediation guidance.
- Ability to run authorized ad hoc Tenable/Nessus scans using approved scan templates, target lists, credentials, scan windows, and documented rules of engagement.
- Ability to create or maintain Tenable/Nessus dashboards, saved filters, reports, and exports for vulnerability review and remediation tracking.
- Ability to work with vulnerability exports from Tenable/Nessus and organize findings in Excel, Power BI, SharePoint, Jira, ServiceNow/CA Service Desk, or similar tools.
- Working understanding of vulnerability management concepts such as severity, KEV, CVE, false positive, remediation evidence, rescan validation, aging, ownership, dependencies, risk acceptance, and due dates.
- Intermediate Power BI or reporting experience, including data imports, transformations, tables, charts, filters, slicers, and dashboard maintenance.
- Strong Excel skills, including filtering, lookups, pivots, conditional formatting, data cleanup, and comparison across exports.
- Ability to communicate clearly with technical teams and non-technical stakeholders about finding status, blockers, evidence, and next steps.
- Strong attention to detail and willingness to reconcile messy data across multiple sources.
- Familiarity with iPost, Tenable/Nessus, ServiceNow, Jira, Service Desk, SharePoint, Power BI, Splunk, or similar reporting/security tools.
- Exposure to application development, product teams, DevSecOps, SAST, SCA, DAST, container scanning, secrets scanning, or SBOM tooling.
- Experience tracking EOL/EOS software, patch compliance, POA&M aging, remediation exceptions, risk acceptance, or closure evidence.
- Experience supporting federal government cybersecurity programs or regulated environments.
- Familiarity with NIST SP 800-53, RMF, A&A, ATO, POA&M tracking, CISA KEV, BOD 22-01, FedRAMP, or federal vulnerability remediation expectations.
- Basic understanding of Windows Server, Windows workstation, .NET Framework, Java JRE, SQL Server, browser updates, endpoint agents, and common enterprise patching concepts.
Preferred Qualifications