Vulnerability Management Engineer jobs in United States

Quzara LLC · 1 week ago

Vulnerability Management Engineer

Quzara LLC is a company focused on providing Authorized Vulnerability Management Services. They are seeking a Vulnerability Management Engineer to oversee the vulnerability management lifecycle, including scanner configuration, continuous monitoring execution, and remediation coordination for federal and regulated customers.

Internet
No H1B · U.S. Citizen Only

Responsibilities

Install, configure, maintain, and patch penetration testing toolsets (e.g., Burp Suite Pro, Metasploit, Kali Linux) for use in federal and regulated engagements
Execute and manage monthly FedRAMP Continuous Monitoring (ConMon) activities, including vulnerability scanning, deviation analysis, and POA&M generation
Configure, optimize, and maintain Tenable.io / Nessus scanners and web application scanning (WAS) tools to ensure accurate and comprehensive asset coverage
Own the health, licensing, patching, and lifecycle management of all vulnerability management and penetration testing tools to ensure continuous audit readiness
Analyze scan results and collaborate with Site Reliability Engineers (SREs), infrastructure teams, and application owners to drive timely remediation
Interpret vulnerability data across Windows, Linux, database, container, and web application assets and provide remediation guidance aligned with federal baselines
Support penetration testing preparation and execution by ensuring testing environments, tools, and configurations are compliant and operational
Provide vulnerability evidence, scan reports, and remediation documentation to support FedRAMP, FISMA, and third-party assessment activities
Continuously improve vulnerability management processes, scan coverage, and reporting accuracy across Quzara environments
Other duties as assigned

Qualification

Vulnerability Management, Penetration Testing, Tenable.io / Nessus, NIST 800-53, FedRAMP Continuous Monitoring, Burp Suite, Metasploit, Kali Linux, Audit Readiness, Remediation Guidance, POA&M Generation, Continuous Improvement, Collaboration, Documentation, Cross-functional Teamwork

Required

U.S. Citizen (Required)
4+ years of experience in Vulnerability Management or Penetration Testing support within FedRAMP or Federal environments
Expert-level proficiency with Tenable.io / Nessus, including scanner deployment, policy tuning, and result interpretation
Hands-on experience maintaining and operating penetration testing platforms (e.g., Kali Linux, Burp Suite, Metasploit)
Strong working knowledge of NIST SP 800-53 control requirements and FedRAMP Continuous Monitoring processes
Experience translating vulnerability findings into POA&Ms, remediation plans, and audit-ready documentation
Ability to collaborate cross-functionally with infrastructure, SRE, DevSecOps, and compliance teams

Preferred

Tenable Certified Nessus Expert
Certified Ethical Hacker (CEH)
CompTIA PenTest+
Certified Information Systems Security Professional (CISSP)

Company

Quzara LLC

Quzara is a DC-Based Cybersecurity firm. We are US Government SBA 8(a) Certified, WOSB and GSA HAC SINS approved in every category.

Funding

Current Stage
Early Stage

Leadership Team

Saif Rahman
CEO - Cloud Security, Architecture, XDR
Company data provided by crunchbase