Vulnerability Management Engineer jobs in United States
cer-icon
Apply on Employer Site
company-logo

Quzara LLC · 1 month ago

Vulnerability Management Engineer

positionUnited States
timeFull-time
remoteRemote
seniorityMid, Senior Level
date4+ years exp

Quzara LLC is seeking a Vulnerability Management Engineer (FedRAMP & Pen Test Support) to deliver and scale their Authorized Vulnerability Management Services. This role involves managing the vulnerability management lifecycle and providing technical support for penetration testing efforts, particularly in federal and regulated environments.

Internet
badNo H1BnoteU.S. Citizen Onlynote

Responsibilities

Install, configure, maintain, and patch penetration testing toolsets (e.g., Burp Suite Pro, Metasploit, Kali Linux) for use in federal and regulated engagements
Execute and manage monthly FedRAMP Continuous Monitoring (ConMon) activities, including vulnerability scanning, deviation analysis, and POA&M generation
Configure, optimize, and maintain Tenable.io / Nessus scanners and web application scanning (WAS) tools to ensure accurate and comprehensive asset coverage
Own the health, licensing, patching, and lifecycle management of all vulnerability management and penetration testing tools to ensure continuous audit readiness
Analyze scan results and collaborate with Site Reliability Engineers (SREs), infrastructure teams, and application owners to drive timely remediation
Interpret vulnerability data across Windows, Linux, database, container, and web application assets and provide remediation guidance aligned with federal baselines
Support penetration testing preparation and execution by ensuring testing environments, tools, and configurations are compliant and operational
Provide vulnerability evidence, scan reports, and remediation documentation to support FedRAMP, FISMA, and third-party assessment activities
Continuously improve vulnerability management processes, scan coverage, and reporting accuracy across Quzara environments

Qualification

Vulnerability ManagementPenetration TestingTenable.io / NessusFedRAMP Continuous MonitoringNIST 800-53Burp SuiteMetasploitKali LinuxAudit ReadinessRemediation PlanningCollaborationDocumentationCross-functional TeamworkCommunication

Required

4+ years of experience in Vulnerability Management or Penetration Testing support within FedRAMP or Federal environments
Expert-level proficiency with Tenable.io / Nessus, including scanner deployment, policy tuning, and result interpretation
Hands-on experience maintaining and operating penetration testing platforms (e.g., Kali Linux, Burp Suite, Metasploit)
Strong working knowledge of NIST SP 800-53 control requirements and FedRAMP Continuous Monitoring processes
Experience translating vulnerability findings into POA&Ms, remediation plans, and audit-ready documentation
Ability to collaborate cross-functionally with infrastructure, SRE, DevSecOps, and compliance teams
Must be a U.S. Citizen and eligible to support federal contracting environments

Preferred

Tenable Certified Nessus Expert
Certified Ethical Hacker (CEH)
CompTIA PenTest+
Certified Information Systems Security Professional (CISSP)

Company

Quzara LLC

twittertwittertwitter
company-logo
Quzara is a DC-Based Cybersecurity firm. We are US Government SBA 8(a) Certified, WOSB and GSA HAC SINS approved in every category.
dateFounded in 2015
location
Vienna, Virginia, USA
people-size11-50 employees
web-link
https://www.quzara.com

Funding

Current Stage
Early Stage

Leadership Team

leader-logo
Saif Rahman
CEO - Cloud Security, Architecture, XDR
linkedin

Recent News

PR Newswire
Quzara Cybertorch™ Achieves FedRAMP® High Authorization
2025-12-17
PR Newswire
Quzara LLC Awarded GSA Highly Adaptive Cybersecurity Services (HACS) SIN for Incident Handling & Emergency Management (IHEM)
2025-09-23
Quzara LLC and Cybertorch Named to MSSP Alert's 2024 List of Top 250 MSSPs
2024-10-26
Company data provided by crunchbase