Risk and Vulnerability Analyst II
Location: Washington, DC
Company: Revolutional, LLC
Revolutional delivers advanced technology solutions and mission support to federal agencies across civilian, health, and national security environments. We apply modern capabilities, including AI/ML, cloud, cybersecurity, and IT modernization to solve complex challenges, enable faster and more secure operations, and drive measurable mission outcomes.
We are redefining how federal technology gets built and delivered by operating with a product mindset, prioritizing speed, ownership, and execution over bureaucracy.
Title: Risk and Vulnerability Analyst II
Location: Washington, DC or Chandler, AZ
Terms: Full-time
Clearance: Secret eligibility required
Travel: 0-20%
Position Description
As a Risk and Vulnerability Analyst II at Revolutional, you own the scanning and vulnerability identification pipeline across a large-scale federal enterprise. You run ad hoc and automated scans across operating systems, databases, web applications, cloud environments, and APIs — and you do it with the precision and consistency that compliance-driven federal programs demand.
You are technically skilled and operationally reliable. You troubleshoot scanning issues before they become coverage gaps, automate what can be automated, and produce findings that give security teams and leadership an accurate picture of enterprise risk. You are organized, customer-focused, and understand that vulnerability management is a service function as much as a technical one.
Responsibilities
- Execute ad hoc and automated vulnerability scans across operating systems, databases, and web applications using industry-accepted scanning tools
- Conduct cloud compliance scans across federal and commercial cloud environments; troubleshoot scanning configuration issues and ensure continuous coverage
- Perform on-site scanning operations as required, coordinating with system owners and network teams to maintain scan fidelity and minimize operational impact
- Execute Information Security Vulnerability Management (ISVM) scans and ensure results align with compliance requirements and program reporting standards
- Conduct API discovery and scanning to identify undocumented or unsecured API endpoints across the enterprise environment
- Develop and maintain scanning automation to improve coverage, consistency, and efficiency across the vulnerability management program
- Triage and validate scan findings; differentiate true positives from false positives and prioritize results based on risk and asset criticality
- Track vulnerability findings through the remediation lifecycle; coordinate with system owners and security teams to ensure timely closure
- Produce clear, accurate vulnerability reports and compliance dashboards for technical teams and program leadership
- Maintain scanning tool configurations, credentials, and schedules; ensure tooling remains current and aligned with the evolving enterprise asset inventory
- Support continuous monitoring requirements and contribute to FISMA compliance reporting as it relates to vulnerability management
What You Bring (Requirements)
Baseline Requirements
- Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience)
- 3 to 5 years of security-related experience with a focus on vulnerability management and scanning operations
- Secret eligibility required
Technical & Domain Capabilities
- Hands-on experience with industry-accepted vulnerability scanning tools (e.g., Tenable Nessus, Qualys, Rapid7, or equivalent) for OS, database, and web application scanning
- Experience conducting cloud compliance scans across commercial or GovCloud environments
- Experience with on-site scanning operations and troubleshooting scanning-related issues including authentication, network access, and tool configuration
- Experience with ISVM scans and federal vulnerability management compliance requirements
- Experience with API discovery and scanning methodologies and tools
- Demonstrated ability to automate scanning workflows using scripting, scheduling tools, or platform-native automation capabilities
- Familiarity with vulnerability scoring frameworks (CVSS) and risk-based prioritization of findings
- Understanding of federal security compliance requirements including FISMA and NIST RMF as they apply to vulnerability management
Core Strengths
- Highly organized: you manage multiple scan schedules, asset inventories, and remediation tracks simultaneously without dropping coverage
- Customer-service oriented — you work collaboratively with system owners and technical teams, not around them
- Detail-oriented with strong documentation habits; your scan configurations and findings are reproducible and audit-ready
- Problem-solver who troubleshoots scanning issues independently and doesn’t wait for perfect conditions to maintain coverage
Nice to Have (Differentiators)
- Vulnerability management certifications: Tenable Certified Security Associate, Qualys Certified Specialist, or equivalent platform certification
- Security certifications: CompTIA Security+, CySA+, or equivalent
- Experience with vulnerability management in a federal civilian or defense environment
- Familiarity with SCAP (Security Content Automation Protocol) and STIG compliance scanning
- Experience integrating vulnerability scan data into SIEM platforms or risk dashboards
- Background in API security testing or web application vulnerability assessment
- Active Secret clearance
Here at Revolutional we are pleased to have been repeatedly recognized for our outstanding work culture, the innovative work we do, and the employees on our team who make a difference each day. Some of these recognitions include:
- Recognized as a Top 20 "Best Place to Work in Virginia"
- Recipient of Department of Labor's HireVets Gold Medallion
- Great Place to Work Certification for five years running
- A Virginia Chamber of Commerce Fantastic 50 company
- A Northern Virginia Technology Council Tech 100 company
- Inc. 5000 list of fastest growing companies for eleven years
- Two-time SBA SBIR Tibbetts Award winner
- Virginia Values Veterans (V3) Certification
We recognize that every bit of our success is the result of our teams of hard-working, motivated, and innovative professionals who are proud to call themselves part of the Revolutional family! In addition to competitive compensation, a family-focused culture, and a dynamic, productive work environment, we offer all full-time employees a variety of benefits including, but not limited to:
- Traditional and HSA-eligible medical insurance plans
- 100% employer-paid dental and vision insurance options
- 100% employer-sponsored STD, LTD, and life insurance
- 5% 401(k) company matching
- Flexible schedules and teleworking options
- Paid holidays and PTO Accrual Plans
- Paid Parental Leave
- Professional development and career growth opportunities
- Team and company-wide events, recognition, and appreciation, and so much more!
Check out our to find out a little more about who we are and if we are the right next step for your career!
Revolutional is an Equal Opportunity Employer providing equal employment opportunity to all employees and applicants for employment without regard to race, color, religion, national origin, age, gender, gender identity, sexual orientation, disability, or genetics. Revolutional does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans. To perform the above job successfully, an individual must possess the knowledge, skills, and abilities listed; meet the education and work experience required; and must be able to perform each essential duty and responsibility satisfactorily. Other duties in addition to those listed may be assigned as necessary to meet business needs. Reasonable accommodation will be made to enable an applicant with a disability to successfully apply for and/or perform the essential duties of the job. If you are in need of an accommodation, please contact .