Vulnerability Analyst

Job Description

Description

SAIC is seeking a Vulnerability Analyst to support a critical U.S. government agency in the National Capital Region. This role offers an exciting opportunity to lead and contribute to vulnerability management activities, risk assessments, and security compliance initiatives across hybrid environments. The analyst will play a key role in identifying, analyzing, and tracking vulnerabilities using industry-standard tools and processes.

The ideal candidate will have a strong understanding of cybersecurity principles and hands-on experience with vulnerability scanning tools such as Nessus, Tenable Security Center, Tenable.IO, Qualys WAS, or NMAP. This role involves executing complex scans, correlating and analyzing results, coordinating remediation efforts, and supporting compliance reporting. The analyst will work closely with stakeholders across IT, security engineering, and compliance teams to improve the agency’s security posture.

Key Responsibilities:

• Plan and perform vulnerability scans and assessments across on-premises, hybrid, and cloud environments.
• Lead scanning activities for servers, endpoints, applications, and cloud infrastructure using tools such as Nessus, Security Center, Tenable.IO, Qualys WAS, and NMAP.
• Analyze and validate scan results, correlate findings, and determine severity and risk impact to prioritize remediation efforts.
• Collaborate with remediation teams, system owners, and senior security staff to track and resolve identified vulnerabilities.
• Monitor and tune scan configurations, troubleshoot scan failures, and recommend optimizations for improved coverage and performance.
• Maintain and update vulnerability tracking systems, dashboards, and compliance reports using tools like ServiceNow, SharePoint, Microsoft SQL, and PowerBI.
• Develop reports, briefs, and metrics to communicate vulnerability status, remediation progress, and compliance standing to leadership.
• Assist in refining policies, procedures, and workflows related to vulnerability management, security operations, and continuous monitoring.
• Stay up to date on emerging vulnerabilities, CVEs, threat intelligence, and best practices to proactively identify risk areas and improve security controls.

Qualifications

Qualifications & Experience:

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field. An additional 2 years of experience may be substituted for a degree.
• 3–5 years of experience in cybersecurity, vulnerability management, or security operations.
• Hands-on experience with vulnerability scanning tools (e.g., Tenable products, Qualys, or NMAP) and interpreting technical scan results.
• Familiarity with patch management processes, vulnerability remediation, and risk prioritization frameworks (e.g., CVSS, CISA KEV, etc.).
• Demonstrated experience supporting vulnerability lifecycle tracking and reporting using platforms such as ServiceNow, SharePoint, or PowerBI.
• Strong understanding of cybersecurity frameworks (e.g., NIST 800-53, NIST CSF) and basic compliance requirements.

Preferred Qualifications:

• Experience with vulnerability management in cloud environments (Azure, AWS, GCP).
• Proficiency in scripting or automation using Python, PowerShell, SQL, or DAX.
• Familiarity with SIEMs and security tool integration for contextualizing vulnerability data.
• Certifications such as CompTIA Security+, CySA+, CEH, or equivalent cybersecurity certifications.
• Strong communication and reporting skills, including experience presenting technical findings to non-technical audiences.
• Proven ability to work independently and collaborate with cross-functional teams in a fast-paced environment.

Clearance Requirement:

• All candidates must be eligible to obtain a U.S. Public Trust Clearance.

**This hybrid role requires a minimum of three on-site days per week in Washington, DC.**

Overview

SAIC accepts applications on an ongoing basis and there is no deadline.

SAIC® is a premier Fortune 500® mission integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, civilian and intelligence markets includes secure high-end solutions in mission IT, enterprise IT, engineering services and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives.

We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.5 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.