Vulnerability Management Engineer

The Vulnerability Management Engineer (FedRAMP & Pen Test Support) is responsible for delivering and scaling Quzara’s Authorized Vulnerability Management Services while providing technical enablement for high-impact penetration testing efforts supporting federal and regulated customers. This role owns the end-to-end vulnerability management lifecycle, including scanner configuration, continuous monitoring execution, remediation coordination, and tool maintenance. The position requires hands‑on expertise with enterprise vulnerability scanning platforms and penetration testing toolchains, as well as a deep understanding of FedRAMP Continuous Monitoring (ConMon) and NIST 800‑53 requirements. The ideal candidate is a practitioner who can operate independently in regulated environments, maintain audit‑ready tooling, and translate scan output into actionable remediation guidance. Responsibilities Install, configure, maintain, and patch penetration testing toolsets (e.g., Burp Suite Pro, Metasploit, Kali Linux) for use in federal and regulated engagements. Execute and manage monthly FedRAMP Continuous Monitoring (ConMon) activities, including vulnerability scanning, deviation analysis, and POA&M generation. Configure, optimize, and maintain Tenable.io / Nessus scanners and web application scanning (WAS) tools to ensure accurate and comprehensive asset coverage. Own the health, licensing, patching, and lifecycle management of all vulnerability management and penetration testing tools to ensure continuous audit readiness. Analyze scan results and collaborate with Site Reliability Engineers (SREs), infrastructure teams, and application owners to drive timely remediation. Interpret vulnerability data across Windows, Linux, database, container, and web application assets and provide remediation guidance aligned with federal baselines. Support penetration testing preparation and execution by ensuring testing environments, tools, and configurations are compliant and operational. Provide vulnerability evidence, scan reports, and remediation documentation to support FedRAMP, FISMA, and third‑party assessment activities. Continuously improve vulnerability management processes, scan coverage, and reporting accuracy across Quzara environments. REQUIREMENTS 4+ years of experience in Vulnerability Management or Penetration Testing support within FedRAMP or Federal environments. Expert‑level proficiency with Tenable.io / Nessus, including scanner deployment, policy tuning, and result interpretation. Hands‑on experience maintaining and operating penetration testing platforms (e.g., Kali Linux, Burp Suite, Metasploit). Strong working knowledge of NIST SP 800‑53 control requirements and FedRAMP Continuous Monitoring processes. Experience translating vulnerability findings into POA&Ms, remediation plans, and audit‑ready documentation. Ability to collaborate cross‑functionally with infrastructure, SRE, DevSecOps, and compliance teams. Must be a U.S. Citizen and eligible to support federal contracting environments. Preferred Certifications One or more of the following: Certified Ethical Hacker (CEH) CompTIA PenTest+ Certified Information Systems Security Professional (CISSP) Quzara LLC is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring based on sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state, or local law. Join Our Cyber Team! Working for Quzara means being part of a team driven by innovation and dedication where we rise together. Apply Today #J-18808-Ljbffr