Vulnerability Management Engineer (FedRAMP & Pen Test Support)
This is a Full-Time, Remote role for U.S. Citizens only. Quzara is seeking a technical practitioner to lead their authorized vulnerability management services, specifically focusing on customers in federal and highly regulated sectors. The position is a hybrid of Vulnerability Management (VM) and Penetration Testing Support, requiring a candidate who can manage the automated scanning lifecycle while also maintaining the specialized toolsets used by human hackers.
- Requisition ID: 1049
- Location: Remote (U.S.)
- Pay Type: Salaried Exempt
- Core Tech: Tenable.io, Nessus, Burp Suite Pro, Metasploit, and Kali Linux.
- Regulatory Focus: FedRAMP ConMon, NIST 800-53, and FISMA.
Key Responsibilities: Continuous Monitoring and Tool Orchestration
This role ensures that a company’s security posture remains “audit-ready” every single day, not just during an assessment.
FedRAMP Continuous Monitoring (ConMon)
You will own the monthly FedRAMP ConMon cycle. This involves executing vulnerability scans across Windows, Linux, containers, and web apps, followed by rigorous deviation analysis. You are responsible for generating the Plan of Action and Milestones (POA&M), which tracks how and when vulnerabilities will be fixed to satisfy federal regulators.
Pen Test Technical Enablement
Unlike a standard VM role, you will directly support penetration testing teams. You are responsible for installing, configuring, and patching the “hacker toolchain,” including Kali Linux, Metasploit, and Burp Suite. You must ensure that these environments are compliant and operational so that testers can perform high-impact engagements without technical friction.
Scanner Optimization and Remediation Coordination
You will manage the health and licensing of Tenable.io and Nessus scanners. Beyond just “hitting the scan button,” you must tune policies to ensure comprehensive asset coverage and work cross-functionally with Site Reliability Engineers (SREs) and developers to interpret results and drive remediation.
Required Qualifications and Skills
Quzara is looking for an expert who understands the intersection of deep technical scanning and federal compliance paperwork.
- Experience: 4+ years in Vulnerability Management or Pen Testing support specifically within FedRAMP or Federal environments.
- Tooling Expertise: Expert-level proficiency with Tenable.io/Nessus and hands-on experience maintaining Kali Linux or similar platforms.
- Compliance Knowledge: A strong working knowledge of NIST SP 800-53 controls and how they translate into technical configurations.
- Documentation: Proven ability to translate complex scan data into remediation plans and audit-ready reports.
- Citizenship: Must be a U.S. Citizen (required for federal contracting).
Preferred Certifications
- Tenable Certified Nessus Expert (Highly preferred)
- Offensive/Security Certs: CEH, CompTIA PenTest+, or CISSP.
Summary of Role Impact
In the federal world, “authorized” means your systems have met the highest bar of security scrutiny. As a Vulnerability Management Engineer at Quzara, you are the technical steward of that authorization. By maintaining audit-ready tooling and providing clear remediation guidance, you enable Quzara and its customers to defend against modern threats while staying in lockstep with Department of Defense and civilian agency security standards.
Job Features
- Job Category: Information Technology, Security, Software Engineering, Support Service