cFocus Software Incorporated · 1 day ago
HHS - Vulnerability Analyst
cFocus Software seeks a Vulnerability Analyst to join our program supporting the Department of Health and Human Services (HHS). This role involves performing vulnerability scans, analyzing results, and providing remediation guidance to ensure the security of systems and applications.
Tags: Chatbot, Government, Information Technology, Software
Responsibilities
Perform authenticated and unauthenticated vulnerability scans on a daily and ad hoc basis across servers, workstations, network devices, databases, web applications, APIs, containers, serverless functions, CI/CD pipelines, and Infrastructure as Code (IaC)
Analyze vulnerability scan results to determine applicability, severity, exploitability, and risk using CVSS scoring, threat intelligence, and Known Exploited Vulnerabilities (KEV) catalogs
Provide daily remediation guidance and mitigation strategies to system owners, administrators, developers, and other stakeholders
Maintain and ensure operational health of vulnerability scanning tools, including agents, sensors, integrations, and supporting infrastructure
Coordinate with tool vendors, hosting teams, and network operations to troubleshoot and resolve tool-related issues
Develop and maintain HRSA security configuration baselines using DISA STIGs and Center for Internet Security (CIS) benchmarks
Perform compliance and configuration scans against approved baselines on a weekly, quarterly, and ad hoc basis
Validate remediation through follow-up scans and evidence review, and confirm closure of vulnerabilities
Support penetration testing activities, including test planning, execution, exploitation, reporting, and coordination with stakeholders
Conduct application security testing including SAST, DAST, software composition analysis, SBOM review, dependency scanning, and secure code analysis
Support secure DevSecOps practices by integrating automated vulnerability testing into CI/CD pipelines and code repositories
Develop vulnerability dashboards and reports for ISSOs, system owners, engineers, and DCSP leadership
Maintain authoritative asset inventories and correlate data across vulnerability tools, CMDB, eGRC, and cloud inventories to ensure full scanning coverage
Support Incident Response activities by providing vulnerability data, exploit analysis, and remediation recommendations
Develop and maintain vulnerability management SOPs, workflows, and technical documentation
Maintain SLAs for vulnerability scanning requests and remediation tracking
Qualifications
Required
Bachelor's degree in Cybersecurity, Information Technology, or related field
Minimum 5–7 years of experience in vulnerability management or security operations
Strong understanding of NIST SP 800-53, NIST SP 800-30, NIST SP 800-137, and HHS vulnerability management requirements
Experience performing vulnerability scanning, analysis, and remediation tracking in federal environments
Experience with secure configuration standards (DISA STIGs, CIS Benchmarks)
Strong analytical, documentation, and communication skills
CEH, Security+, CISSP, GIAC (GSEC, GPEN), or equivalent cybersecurity certifications
Company
cFocus Software Incorporated
cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint.