Risk and Vulnerability Analyst II
Revolutional
Revolutional delivers advanced technology solutions and mission support to federal agencies across civilian, health, and national security environments. We apply modern capabilities, including AI/ML, cloud, cybersecurity, and IT modernization to solve complex challenges, enable faster and more secure operations, and drive measurable mission outcomes. We are redefining how federal technology gets built and delivered by operating with a product mindset, prioritizing speed, ownership, and execution over bureaucracy. Title: Risk and Vulnerability Analyst II Location: Washington, DC or Chandler, AZ Terms: Full-time Clearance: Secret eligibility required Travel: 0-20% As a Risk and Vulnerability Analyst II at Revolutional, you own the scanning and vulnerability identification pipeline across a large‑scale federal enterprise. You run ad hoc and automated scans across operating systems, databases, web applications, cloud environments, and APIs — and you do it with the precision and consistency that compliance‑driven federal programs demand. You are technically skilled and operationally reliable. You troubleshoot scanning issues before they become coverage gaps, automate what can be automated, and produce findings that give security teams and leadership an accurate picture of enterprise risk. You are organized, customer‑focused, and understand that vulnerability management is a service function as much as a technical one. Responsibilities Execute ad hoc and automated vulnerability scans across operating systems, databases, and web applications using industry‑accepted scanning tools Conduct cloud compliance scans across federal and commercial cloud environments; troubleshoot scanning configuration issues and ensure continuous coverage Perform on‑site scanning operations as required, coordinating with system owners and network teams to maintain scan fidelity and minimize operational impact Execute Information Security Vulnerability Management (ISVM) scans and ensure results align with compliance requirements and program reporting standards Conduct API discovery and scanning to identify undocumented or unsecured API endpoints across the enterprise environment Develop and maintain scanning automation to improve coverage, consistency, and efficiency across the vulnerability management program Triage and validate scan findings; differentiate true positives from false positives and prioritize results based on risk and asset criticality Track vulnerability findings through the remediation lifecycle; coordinate with system owners and security teams to ensure timely closure Produce clear, accurate vulnerability reports and compliance dashboards for technical teams and program leadership Maintain scanning tool configurations, credentials, and schedules; ensure tooling remains current and aligned with the evolving enterprise asset inventory Support continuous monitoring requirements and contribute to FISMA compliance reporting as it relates to vulnerability management What You Bring (Requirements) Baseline Requirements Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience) 3 to 5 years of security‑related experience with a focus on vulnerability management and scanning operations Secret eligibility required Technical & Domain Capabilities Hands‑on experience with industry‑accepted vulnerability scanning tools (e.g., Tenable Nessus, Qualys, Rapid7, or equivalent) for OS, database, and web application scanning Experience conducting cloud compliance scans across commercial or GovCloud environments Experience with on‑site scanning operations and troubleshooting scanning‑related issues including authentication, network access, and tool configuration Experience with ISVM scans and federal vulnerability management compliance requirements Experience with API discovery and scanning methodologies and tools Demonstrated ability to automate scanning workflows using scripting, scheduling tools, or platform‑native automation capabilities Familiarity with vulnerability scoring frameworks (CVSS) and risk‑based prioritization of findings Understanding of federal security compliance requirements including FISMA and NIST RMF as they apply to vulnerability management Core Strengths Highly organized: you manage multiple scan schedules, asset inventories, and remediation tracks simultaneously without dropping coverage Customer‑service oriented — you work collaboratively with system owners and technical teams, not around them Detail‑oriented with strong documentation habits; your scan configurations and findings are reproducible and audit‑ready Problem‑solver who troubleshoots scanning issues independently and doesn’t wait for perfect conditions to maintain coverage Nice to Have (Differentiators) Vulnerability management certifications: Tenable Certified Security Associate, Qualys Certified Specialist, or equivalent platform certification Security certifications: CompTIA Security+, CySA+, or equivalent Experience with vulnerability management in a federal civilian or defense environment Familiarity with SCAP (Security Content Automation Protocol) and STIG compliance scanning Experience integrating vulnerability scan data into SIEM platforms or risk dashboards Background in API security testing or web application vulnerability assessment Active Secret clearance Benefits Traditional and HSA‑eligible medical insurance plans 100% employer‑paid dental and vision insurance options 100% employer‑sponsored STD, LTD, and life insurance 5% 401(k) company matching Flexible‑schedules and teleworking options Paid holidays and PTO Accrual Plans Paid Parental Leave Professional development and career growth opportunities Team and company‑wide events, recognition, and appreciation Revolutional is an Equal Opportunity Employer providing equal employment opportunity to all employees and applicants for employment without regard to race, color, religion, national origin, age, gender, gender identity, sexual orientation, disability, or genetics. Revolutional does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans. To perform the above job successfully, an individual must possess the knowledge, skills, and abilities listed; meet the education and work experience required; and must be able to perform each essential duty and responsibility satisfactorily. Other duties in addition to those listed may be assigned as necessary to meet business needs. Reasonable accommodation will be made to enable an applicant with a disability to successfully apply for and/or perform the essential duties of the job. If you are in need of an accommodation, please contact View email address on click.appcast.io. #J-18808-Ljbffr Revolutional
- Revolutional is looking for a Risk and Vulnerability Analyst II in Washington, DC. You will lead vulnerability scanning efforts across a large-scale federal enterprise, ensuring compliance and security across various systems. The ideal candidate has 3 to 5 years of experience...RiskRemote jobFull timeFlexible hours
$140.5k - $210.5k
Sr. Cybersecurity Analyst II (Sr Vulnerability Analyst) - Information Technology Primary Location: DC‑Washington Employee Status: Regular Overtime... ...and compromises; author project plans, schedules, and risk assessments. Qualifications Minimum Education: Bachelor’s...RiskWork at officeRelocation- ...leadership, and trusted results to enable national security missions worldwide. Job Description Overview SOSi is seeking a Risk and Vulnerability Analyst II to support vulnerability assessment and risk analysis activities in alignment with our customer. This role is...RiskContract workWork at officeWorldwideMonday to FridayWeekend workAfternoon shift
- A leading technology and services integrator in Washington is seeking a Risk and Vulnerability Analyst II to support its vulnerability assessment and risk analysis activities. The role includes conducting vulnerability scanning, troubleshooting scan issues, and improving...RiskContract workWeekend workAfternoon shift
$140.5k - $210k
...adequately protected. Able to characterize and manage complex risks to mitigate cyber threats. With limited guidance, proactively... ...containment, eradication, and remediation. Oversees implementation of vulnerability scans and ensures operational systems are adequately patched...RiskFull timeWork at office- Watermark Risk Management International, LLC is seeking an Information Systems Security Officer II to support DoD and government contracting environments in Washington, DC. The role focuses on ensuring proper authorization packages, maintaining security documentation,...Risk
- ...dedication to excellence. This candidate will execute vulnerability identification, scanning, analysis, and coordination to reduce... ...on-site scanning as required. Analyze findings, prioritize risk, and track remediation progress. Troubleshoot scanning...RiskWork at office
$87.1k - $157.45k
...Leidos has a career opportunity for a Vulnerability Management Analyst to support the Air Force National Capital... ...to help identify potential CAT I/II/III findings, false positives, and basic... ...knowledge of DISA STIGs, vulnerability risk levels, and POA&M remediation...RiskWork at officeLocal areaImmediate startWorldwide$97.24k - $131.56k
...Required: None Job Family: Cyber and IT Risk Management Job Description: The ISSO is... ...assessment plans. Identify cyber security vulnerabilities and assist with the implementation of the... ...Certifications: ~ IAT Level II or IAM Level II (Security+ CE, CCNA Security...RiskFull timeTemporary workPart timeWork at officeImmediate startRemote workWorldwideFlexible hours- ...DHS Information System Security Officer II Location: NCR Clearance: TS/SCI OneZero... ...Act (FISMA) compliance, execution of the Risk Management Framework (RMF) process to achieve... ...of security assessments, audits, and vulnerability management programs, identifying and mitigating...RiskFull timeContract workWork at office
$97.24k - $118.56k
Information Systems Security Officer II Responsibilities Assist the ISSM in meeting... ...assessment plans Identify cyber security vulnerabilities and assist with the implementation of the... ...federal, state, and local laws. #J-18808-Ljbffr Watermark Risk Management International, LLCRiskHourly payContract workFor contractorsWork experience placementLocal area- ...Information System Security Manager (ISSM) II to oversee and manage the implementation... ...posture of information systems, managing risk, and maintaining compliance with... ...Monitor system security posture and respond to vulnerabilities, incidents, and threats Coordinate security...Risk
$114.94k - $138.48k
IT Security Specialist II - Security Operations & Compliance GAMA-1 Technologies, LLC... ...and monitoring tools to identify vulnerabilities and monitor system security. Collect, organize... ...and timely resolution of identified risks. Maintain awareness of evolving cybersecurity...RiskFull timeContract workWork experience placementWork at officeRemote workOverseas1 day per week- Description The Cyber Security Specialist II/III supports cybersecurity engineering... ...monitor security posture, and remediate vulnerabilities across supported systems. This position is... ...support security control implementation and risk reduction. Active DoD Secret clearance (...RiskWork at office
$95k - $112k
...assess the security of customer systems. Identify vulnerabilities and develop recommended remediations to satisfy mandated... ...Tester (GXPN) Zero Point Security Red Team Ops II Advanced understanding of the following: NIST Risk Management Framework (RMF) and the Assessment and...RiskContract workRemote work$86k - $138k
...the security of customer systems. Identify vulnerabilities and develop recommended remediations to satisfy... ...Tester (GXPN) Zero Point Security Red Team Ops II Advanced understanding of the following: NIST Risk Management Framework (RMF) and the Assessment...RiskContract workFlexible hoursShift work- Our client is seeking a Network Vulnerability Analyst to join their team in Washington, D.C. . As a key part of the security team, you will support... ...technical and executive audiences, including metrics and risk summaries. Qualifications 5+ years of IT experience, with...Risk
$104.04k - $140.76k
Watermark Risk Management International, LLC is seeking a Program Security Representative II in Washington, DC. This role focuses on providing comprehensive security support for Special Access Programs, ensuring robust adherence to security protocols and conducting compliance...Risk- A security services company is hiring a Security Specialist II - Risk Assessment Specialist in Washington, DC. This full-time role requires managing the Position Description database, conducting Risk Designation assessments, and maintaining accurate contractor information...RiskFull timeFor contractors
- ...U.S. Government customer to provide cybersecurity vulnerability analysis support to reduce the prevalence and impact... ...Resources (CIKR). The Cybersecurity Vulnerability Analyst utilizes cybersecurity best practices, risk management techniques, critical thinking, and strong...Risk
- ...Business. SUBJECT MATTER EXPERTS specializing in security and risk management. We’re intimately familiar with DOD security programs... ..., our people come first! Activity Security Representative II The Activity Security Representative’s primary function is to...RiskHourly payContract workFor contractorsWork experience placementLocal area
- Armada is seeking a Security Specialist II - Risk Assessment to manage the Position Description (PD) database, identify PDs needing risk designations, and maintain accurate contractor and vendor data. The role supports the SOC with assessments, form processing, and investigations...RiskFor contractors
$110.39k - $172.66k
...leading engineering firm is seeking a Project Controls Specialist II to support project management for infrastructure projects in... ...controls. Strong analytical skills and experience with budgeting and risk management are crucial. The role is based in Washington, DC with...Risk- ...Apply today and be more with Baker. Summary The Project Manager II provides overall management direction on complex project(s). Establishes... ...Manages the Construction Process Manages Project Safety and Risk Management Processes Ensures a Safe Work Environment Participates...RiskFor contractors
$60k - $180k
...Penetration Tester II Chandler, AZ or Washington, DC - Secret clearance required M9 Solutions is dedicated to providing IT services and solutions to the Federal Government by mobilizing the right people, skills, clearance levels, and technologies to help organizations...Contract work$90k - $105k
...methodologies, tools, and templates for consistent project delivery. Risk Management: Identify potential project risks, develop mitigation... ...or utilities, preferably within a PMO setting. Level II - 5-7 years of project management experience, in construction or...Risk- ...in securing complex systems, conducting risk assessments, designing secure system architectures... ...system compliance with IASAE Level II frameworks and DoD regulations. Conduct security assessments, gap analyses, and vulnerability mitigation planning. Technical...RiskFull timeRemote work
$140k - $150k
...Job Title: Project Manager II Location: Silver Spring, MD - Hybrid Clearance Required: Public Trust Eligible Salary Range: $140K - $... ...Plan (PMP). Manage project scope, schedule, staffing, deliverables, risks, and overall contract performance. Coordinate and oversee day-to-...RiskContract workFor contractorsWork at office$55k - $105k
...and individuals around the globe address their most significant risk, workforce, wealth management and retirement challenges through custom... .... To learn more, please visit: Summary: The Account Manager II is responsible for working with Producers and Account Executives...Risk$80k - $128k
A leading national security company is seeking a Risk and Vulnerability Analyst to support the Security Operations Center by identifying and analyzing vulnerabilities and risks. This position requires a Bachelor's degree in Cybersecurity or similar, at least 2 years in...Risk
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Risk and Vulnerability Analyst II. Be the first to apply!
- senior quantitative risk analyst Washington DC
- information risk analyst Washington DC
- it risk analyst Washington DC
- risk consultant Washington DC
- operational risk consultant Washington DC
- third party risk analyst Washington DC
- risk analyst Washington DC
- risk officer Washington DC
- transaction risk analyst Washington DC
- governance risk & compliance analyst Washington DC

