Vulnerability Management, Tenable/Nessus & Metrics Analyst (Cybersecurity)

TL;DR

Vulnerability Management, Tenable/Nessus & Metrics Analyst (Cybersecurity): Supporting vulnerability management, security metrics, and remediation tracking in a federal technology environment with an accent on Tenable/Nessus data analysis and dashboard reporting. Focus on identifying affected systems, validating findings, and reconciling data across multiple sources to provide actionable risk reporting.

Location: Crystal City, VA. Minimum Active Secret clearance or above required.

Company

hirify.global is a technology services provider supporting federal government cybersecurity and IT operations.

What you will do

• Perform and review Tenable/Nessus scan exports and maintain native dashboards for KEVs and critical vulnerabilities.
• Conduct authorized ad hoc scans and validate findings as true positives, duplicates, or configuration issues.
• Track the vulnerability lifecycle from intake and triage to remediation tracking and closure evidence collection.
• Develop and maintain Power BI dashboards and Excel reports to visualize vulnerability posture, compliance, and aging.
• Coordinate with security, development, and infrastructure teams to ensure accurate ownership and remediation of findings.
• Maintain SOPs, RACI notes, and documentation for vulnerability remediation workflows.

Requirements

• 1-3 years of experience in cybersecurity operations, vulnerability management, or IT operations.
• Minimum Active Secret security clearance or above.
• Hands-on experience with Tenable/Nessus, including plugins, CVEs, and scan templates.
• Intermediate proficiency in Power BI, including data imports, transformations, and dashboard maintenance.
• Strong Excel skills, including pivots, lookups, and data cleanup.
• Solid understanding of vulnerability concepts such as KEV, CVE, false positives, and risk acceptance.

Nice to have

• Experience supporting US federal government cybersecurity programs or regulated environments.
• Familiarity with NIST SP 800-53, RMF, FedRAMP, and CISA KEV/BOD 22-01.
• Exposure to DevSecOps tools such as SAST, SCA, DAST, and SBOM tooling.
• Basic understanding of Windows Server, .NET Framework, and SQL Server.