{"id":905,"date":"2025-12-24T08:55:25","date_gmt":"2025-12-24T08:55:25","guid":{"rendered":"https:\/\/skillbasedmatching.com\/jobs\/?post_type=jobpost&#038;p=905"},"modified":"2025-12-24T08:55:28","modified_gmt":"2025-12-24T08:55:28","slug":"vulnerability-management-engineer-fedramp-pen-test-support","status":"publish","type":"jobpost","link":"https:\/\/skillbasedmatching.com\/jobs\/current-jobs\/vulnerability-management-engineer-fedramp-pen-test-support\/","title":{"rendered":"Vulnerability Management Engineer (FedRAMP &#038; Pen Test Support)"},"content":{"rendered":"\n<p>This is a <strong>Full-Time, Remote<\/strong> role for <strong>U.S. Citizens<\/strong> only. Quzara is seeking a technical practitioner to lead their authorized vulnerability management services, specifically focusing on customers in federal and highly regulated sectors. The position is a hybrid of <strong>Vulnerability Management (VM)<\/strong> and <strong>Penetration Testing Support<\/strong>, requiring a candidate who can manage the automated scanning lifecycle while also maintaining the specialized toolsets used by human hackers.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Requisition ID:<\/strong> 1049<\/li>\n\n\n\n<li><strong>Location:<\/strong> Remote (U.S.)<\/li>\n\n\n\n<li><strong>Pay Type:<\/strong> Salaried Exempt<\/li>\n\n\n\n<li><strong>Core Tech:<\/strong> Tenable.io, Nessus, Burp Suite Pro, Metasploit, and Kali Linux.<\/li>\n\n\n\n<li><strong>Regulatory Focus:<\/strong> FedRAMP ConMon, NIST 800-53, and FISMA.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Key Responsibilities: Continuous Monitoring and Tool Orchestration<\/h2>\n\n\n\n<p>This role ensures that a company\u2019s security posture remains &#8220;audit-ready&#8221; every single day, not just during an assessment.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">FedRAMP Continuous Monitoring (ConMon)<\/h3>\n\n\n\n<p>You will own the monthly 
<strong>FedRAMP ConMon<\/strong> cycle. This involves executing vulnerability scans across Windows, Linux, containers, and web apps, followed by rigorous deviation analysis. You are responsible for generating the <strong>Plan of Action and Milestones (POA&amp;M)<\/strong>, which tracks how and when vulnerabilities will be fixed to satisfy federal regulators.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Pen Test Technical Enablement<\/h3>\n\n\n\n<p>Unlike a standard VM role, you will directly support penetration testing teams. You are responsible for installing, configuring, and patching the &#8220;hacker toolchain,&#8221; including <strong>Kali Linux, Metasploit, and Burp Suite<\/strong>. You must ensure that these environments are compliant and operational so that testers can perform high-impact engagements without technical friction.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Scanner Optimization and Remediation Coordination<\/h3>\n\n\n\n<p>You will manage the health and licensing of <strong>Tenable.io and Nessus<\/strong> scanners. 
Beyond just &#8220;hitting the scan button,&#8221; you must tune policies to ensure comprehensive asset coverage and work cross-functionally with <strong>Site Reliability Engineers (SREs)<\/strong> and developers to interpret results and drive remediation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Required Qualifications and Skills<\/h2>\n\n\n\n<p>Quzara is looking for an expert who understands the intersection of deep technical scanning and federal compliance paperwork.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Experience:<\/strong> <strong>4+ years<\/strong> in Vulnerability Management or Pen Testing support specifically within <strong>FedRAMP or Federal<\/strong> environments.<\/li>\n\n\n\n<li><strong>Tooling Expertise:<\/strong> Expert-level proficiency with <strong>Tenable.io\/Nessus<\/strong> and hands-on experience maintaining <strong>Kali Linux<\/strong> or similar platforms.<\/li>\n\n\n\n<li><strong>Compliance Knowledge:<\/strong> A strong working knowledge of <strong>NIST SP 800-53<\/strong> controls and how they translate into technical configurations.<\/li>\n\n\n\n<li><strong>Documentation:<\/strong> Proven ability to translate complex scan data into remediation plans and audit-ready reports.<\/li>\n\n\n\n<li><strong>Citizenship:<\/strong> Must be a <strong>U.S. Citizen<\/strong> (required for federal contracting).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Preferred Certifications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Tenable Certified Nessus Expert<\/strong> (Highly preferred)<\/li>\n\n\n\n<li><strong>Offensive\/Security Certs:<\/strong> CEH, CompTIA PenTest+, or CISSP.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Summary of Role Impact<\/h2>\n\n\n\n<p>In the federal world, &#8220;authorized&#8221; means your systems have met the highest bar of security scrutiny. 
As a Vulnerability Management Engineer at Quzara, you are the technical steward of that authorization. By maintaining audit-ready tooling and providing clear remediation guidance, you enable Quzara and its customers to defend against modern threats while staying in lock-step with Department of Defense and civilian agency security standards.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is a Full-Time, Remote role for U.S. Citizens only. Quzara is seeking a technical practitioner to lead their authorized vulnerability management services, specifically focusing on customers in federal and highly regulated sectors. The position is a hybrid of Vulnerability Management (VM) and Penetration Testing Support, requiring a candidate who can manage the automated scanning [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"menu_order":0,"template":"","jobpost_category":[648,44,45,734],"jobpost_job_type":[39],"jobpost_location":[1041],"jobpost_tag":[1553,4113,4111,1231,4112,4109,81,4110,166,2823],"class_list":["post-905","jobpost","type-jobpost","status-publish","hentry","jobpost_category-information-technology","jobpost_category-security","jobpost_category-software-engineering","jobpost_category-support-service","jobpost_job_type-remote","jobpost_location-united-states","jobpost_tag-fedramp","jobpost_tag-kali-linux","jobpost_tag-nessus","jobpost_tag-nist-800-53","jobpost_tag-pen-testing-support","jobpost_tag-quzara","jobpost_tag-remote","jobpost_tag-tenable-io","jobpost_tag-u-s-citizen","jobpost_tag-vulnerability-management"],"_links":{"self":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost\/905","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost"}],"about":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/types\/jobpost"}],"author":[{"embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/users\/1"}],"wp
:attachment":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/media?parent=905"}],"wp:term":[{"taxonomy":"jobpost_category","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_category?post=905"},{"taxonomy":"jobpost_job_type","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_job_type?post=905"},{"taxonomy":"jobpost_location","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_location?post=905"},{"taxonomy":"jobpost_tag","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_tag?post=905"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}