Job Title: Vulnerability Management Engineer (FedRAMP & Pen Test Support)
Pay Type: SALARIED EXEMPT
Location: Remote
Citizenship Requirement: U.S. Citizen (Required)
Summary of Position Role/Responsibilities
The Vulnerability Management Engineer (FedRAMP & Pen Test Support) is responsible for delivering and scaling Quzara’s Authorized Vulnerability Management Services while providing technical enablement for high-impact penetration testing efforts supporting federal and regulated customers. This role owns the end-to-end vulnerability management lifecycle, including scanner configuration, continuous monitoring execution, remediation coordination, and tool maintenance.
The position requires hands-on expertise with enterprise vulnerability scanning platforms and penetration testing toolchains, as well as a deep understanding of FedRAMP Continuous Monitoring (ConMon) and NIST 800-53 requirements. The ideal candidate is a practitioner who can operate independently in regulated environments, maintain audit-ready tooling, and translate scan output into actionable remediation guidance.
Essential Functions of the Job
- Install, configure, maintain, and patch penetration testing toolsets (e.g., Burp Suite Pro, Metasploit, Kali Linux) for use in federal and regulated engagements.
- Execute and manage monthly FedRAMP Continuous Monitoring (ConMon) activities, including vulnerability scanning, deviation analysis, and POA&M generation.
- Configure, optimize, and maintain Tenable.io / Nessus scanners and web application scanning (WAS) tools to ensure accurate and comprehensive asset coverage.
- Own the health, licensing, patching, and lifecycle management of all vulnerability management and penetration testing tools to ensure continuous audit readiness.
- Analyze scan results and collaborate with Site Reliability Engineers (SREs), infrastructure teams, and application owners to drive timely remediation.
- Interpret vulnerability data across Windows, Linux, database, container, and web application assets and provide remediation guidance aligned with federal baselines.
- Support penetration testing preparation and execution by ensuring testing environments, tools, and configurations are compliant and operational.
- Provide vulnerability evidence, scan reports, and remediation documentation to support FedRAMP, FISMA, and third-party assessment activities.
- Continuously improve vulnerability management processes, scan coverage, and reporting accuracy across Quzara environments..
Marginal Functions of the Job
Normal Work Schedule
This is a full-time position. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job.
Education, Training, and Experience
- 4+ years of experience in Vulnerability Management or Penetration Testing support within FedRAMP or Federal environments.
- Expert-level proficiency with Tenable.io / Nessus, including scanner deployment, policy tuning, and result interpretation.
- Hands-on experience maintaining and operating penetration testing platforms (e.g., Kali Linux, Burp Suite, Metasploit).
- Strong working knowledge of NIST SP 800-53 control requirements and FedRAMP Continuous Monitoring processes.
- Experience translating vulnerability findings into POA&Ms, remediation plans, and audit-ready documentation.
- Ability to collaborate cross-functionally with infrastructure, SRE, DevSecOps, and compliance teams.
- Must be a U.S. Citizen and eligible to support federal contracting environments.
Preferred Certifications
- Tenable Certified Nessus Expert
- One or more of the following:
- Certified Ethical Hacker (CEH)
- CompTIA PenTest+
- Certified Information Systems Security Professional (CISSP).
EEO Statement
The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.
