Logo for K2United

Mid-Level Vulnerability Management Engineer

Role overview

Qualifications

  • Bachelor's degree in a related field or equivalent experience
  • Five or more years of hands-on enterprise vulnerability management and scanning experience
  • Experience administering enterprise scanning platforms such as Tenable.sc, Nessus, Qualys, Rapid7, or similar tools
  • Strong analytical, organizational, and communication skills

Responsibilities

  • Manage, operate, and maintain vulnerability-management infrastructure
  • Perform host-based, network-based, application, and database vulnerability scanning
  • Analyze scan results to identify the highest-risk vulnerabilities and recommend mitigation steps
  • Coordinate with program areas and system owners to prioritize mitigation steps

Key facts

Other skills

  • Analytical Skills
  • Organizational Skills
  • Verbal Communication Skills
  • Collaboration
  • Problem Solving

About the company

K2United logo

K2United

IT Services & IT Consulting

Company details

IndustryIT Services & IT Consulting

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Job Type
Contract
Description

  

K2United is an organization that houses two distinct, national, customer-facing brands tied together by a shared purpose: setting the standard for an extraordinary workplace. Through our brands, K2Share and CareerSafe, we provide advisory services in cyber risk management and online education for workforce readiness.


Our four core values define how we show up every day:

  • Respect Others - We lead with respect, building trust and connection.
  • Internally Driven - We are relentlessly compelled to accomplish our objectives.
  • Collaborative Innovation - We create by listening, sharing, and working together.
  • Client Success - We hold our clients' mission as our own.

We believe in people who are accountable, curious, and motivated to make an impact that matters.


Our programs make a meaningful difference. CareerSafe supports more than two million users each year, while K2Share delivers cybersecurity and IT solutions that strengthen federal agencies. As part of our team, you'll help solve complex challenges in a mission-driven, small-business environment that values professional growth, collaboration, and work-life balance.


K2Share is seeking a Vulnerability Management Engineer to support a federal health-sector client. In this role, you will lead the identification, analysis, communication, and remediation of vulnerabilities across client-managed systems, devices, and software. You will help reduce operational risk through proactive scanning, disciplined reporting, and close coordination with technical stakeholders across the enterprise.


This position supports a large enterprise environment under continuous vulnerability management, including recurring host and application scanning and additional targeted assessments as needed. 


About You


You are a hands-on vulnerability management professional who understands that effective security work is not just about finding issues. It is about helping organizations act on them quickly and effectively. You are comfortable operating scanning infrastructure, analyzing results, and working with system owners to drive remediation across complex hybrid environments.


You know how to balance urgency with rigor. You can identify the highest-risk issues, communicate them clearly, and track them through resolution in accordance with federal policy and operational timelines. You are also comfortable working across technical teams and government stakeholders, bringing structure to ambiguous problems and helping mature an enterprise vulnerability-management program over time.


You thrive in a role where your work directly improves the security posture of mission-critical systems. You are detail-oriented, collaborative, and able to move from technical analysis to actionable guidance without losing sight of the larger risk picture.


Your Impact


As the Vulnerability Management Engineer, you will play a central role in strengthening the client's cyber defense posture. You will operate the vulnerability-management function, support enterprise scanning and remediation workflows, and help ensure vulnerabilities are identified, prioritized, and addressed in a timely and compliant manner.


In this role, you will:

  • Manage, operate, and maintain vulnerability-management infrastructure capable of performing credentialed scans across approved client-managed managed systems, devices, and applications.
  • Perform host-based, network-based, application, and database vulnerability scanning and deliver actionable remediation guidance.
  • Analyze scan results and network architecture to identify the highest-risk vulnerabilities and recommend appropriate mitigation steps.
  • Conduct specialized assessments for High Value Assets (HVAs) and other designated systems, ensuring reports meet HVA requirements.
  • Support the implementation, operation, and maintenance of vulnerability-management projects within client's Information Security Project Dashboard.
  • Alert technical points of contact to risks posed by vulnerabilities, missing assets, configuration errors, and unauthorized software or hardware.
  • Escalate critical vulnerabilities within 24 hours and track remediation to closure in accordance with applicable federal, department, and agency policy and contractual remediation timelines. 
  • Monitor the CISA Known Exploited Vulnerabilities (KEV) Catalog and other authoritative sources to support timely remediation and compliance with applicable Binding  Operational Directives.
  • Coordinate with program areas and system owners to prioritize mitigation steps, including end-user mitigation activities when needed.
  • Provide risk analysis for identified vulnerabilities and system change requests.
  • Drive findings to verified closure through ticketed workflows, coordinating with the separate technical teams that perform system patching, and validate remediation through authenticated re-scans with recorded evidence.  
  • Maintain regular communication with client and department stakeholders to support collaboration, process improvement, tool tuning, information sharing, and compromise response.
  • Monitor government and private-sector vulnerability sources to identify emerging risks that may  affect client-managed systems.
  • Contribute to vulnerability management reporting and ad hoc compliance deliverables supporting department, DHS, and FISMA requirements.
Requirements

  

  • Bachelor's degree in a related field, or equivalent experience as allowed by company and contract policy.
  • Five or more years of hands-on enterprise vulnerability management and scanning experience.
  • Experience administering enterprise scanning platforms such as Tenable.sc, Nessus, Qualys, Rapid7, or similar tools.
  • Experience performing credentialed scanning at scale across hybrid environments.
  • Experience with host-based, network-based, application, and database vulnerability scanning.
  • Direct experience tracking and remediating vulnerabilities against the CISA KEV Catalog and CISA Binding Operational Directives 22-01 and 26-04, successor directives.
  • Familiarity with High Value Asset (HVA) assessment requirements.
  • Working knowledge of NIST SP 800-53 Rev. 5, FISMA, and FIPS 199.
  • Strong analytical, organizational, and communication skills with the ability to work effectively across technical and government stakeholders.
  • Ability to meet federal background investigation requirements.

Preferred Qualifications

  • Active certification such as CISSP, GIAC (GWAPT, GPEN, GCIA), CompTIA Security+/CySA+, or vendor certifications for Tenable or Qualys.
  • Experience with cloud vulnerability scanning in AWS and/or Azure.
  • Scripting or automation experience using Python, PowerShell, or similar tools.
  • Prior support to federal civilian agency cybersecurity programs. 

Benefits

We're invested in the people who make our success possible. As a K2United employee, you'll enjoy a comprehensive benefits package designed to support your professional and personal well-being, including:

  • 401(k) with employer matching
  • Low-cost medical coverage for employees and their families
  • Paid time off
  • Paid leave for jury duty, military service, voting, and other qualifying events
  • Wellness stipend, including  fitness reimbursement
  • Tuition assistance
  • Casual work environment
  • Technical training and certification support
  • Complimentary access to CareerSafe online training courses for employees and their immediate      family

Equal Opportunity Employer

K2United is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status, or any other characteristic protected by applicable law.

Salary Description
$80,000 - $105,000

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Related jobs

Other jobs at K2United

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.