Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
Dragonfli Group

Vulnerability Management Engineer

Dragonfli Group

Senior Vulnerability Management Analyst managing end-to-end vulnerability disclosure and attack surface management programs for federal clients. Leading scanning operations and stakeholder engagement in cybersecurity.

Posted 7/18/2026full-timeRemote • 🇺🇸 United StatesMid-LevelSeniorWebsite

Core Competencies

Role fit
Core Competencies

Use this summary to align your resume positioning with the role.

Demonstrates expertise in managing vulnerability disclosure programs and attack surface management, with a strong focus on compliance and remediation within federal environments. Proficient in utilizing vulnerability scanning tools and producing detailed documentation for stakeholders.

Highest-signal resume keywords
Vulnerability Management ExperienceTenable.sc ProficiencyCISA Program KnowledgeServiceNow ExperienceActive Security Clearance

ATS Keywords

Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills
Vulnerability Disclosure Program ManagementAttack Surface ManagementVulnerability ScanningCompliance MonitoringSOP DocumentationPOA&M ManagementFalse Positive ManagementRemediation TrackingData AnalysisStakeholder Communication
Soft Skills
Clear CommunicationRelationship BuildingProgram OwnershipTeam CollaborationPresentation Skills
Tools & Technologies
Tenable.ioOpenText ScanCentralWebInspectServiceNowBugcrowd
Certifications & Qualifications
Security+CEHCISSPCISMCertified Vulnerability Assessor
Industry Keywords
Federal CybersecurityBOD ComplianceHTTPS/HSTS ComplianceVulnerability Scanning PlatformsEthical Hacking Coordination

Tech Stack

Tools & technologies
Cyber SecurityITSMServiceNow

About the role

Key responsibilities & impact
  • Lead and manage end-to-end vulnerability disclosure programs (VDP), including coordination with ethical hackers, system owners, and agency stakeholders.
  • Own attack surface management programs (e.g., CISA FAST), including scheduling, scope management, findings coordination, and POA&M documentation.
  • Manage and update Standard Operating Procedures (SOPs), SharePoint repositories, and program tracking documentation.
  • Lead recurring stakeholder syncs (weekly vulnerability management meetings, DMZ syncs, Security Report presentations).
  • Operate and maintain enterprise vulnerability scanning platforms including Tenable.sc, Tenable.io, and web application scanning tools (OpenText ScanCentral or equivalent).
  • Scope, schedule, execute, and report on vulnerability scans across large, complex federal environments.
  • Analyze scan results to identify critical and high-severity findings; triage false positives; prioritize remediation activities.
  • Manage hardware/software certification pipelines; process ServiceNow tickets within defined SLAs.
  • Support transition from legacy tools to modernized scanning platforms with minimal operational disruption.
  • Track and drive remediation of critical, high, and all severity-tiered vulnerabilities to closure within program SLAs.
  • Maintain accurate POA&M records for all open findings across program scope.
  • Produce and present vulnerability dashboards, compliance reports, and executive-level status briefings.
  • Validate remediation effectiveness through post-remediation scanning and analysis.
  • Monitor HTTPS/HSTS compliance and other BOD requirements (BOD 18-01, BOD 20-01, and others as applicable).
  • Build and maintain working relationships with CISA contacts, agency system owners, SOC personnel, and contractor teams.
  • Communicate vulnerability risks and remediation recommendations clearly to both technical and non-technical audiences.
  • Serve as subject matter expert and primary point of contact for assigned programs.
  • Provide backfill coverage across vulnerability management workstreams as needed.

Requirements

What you’ll need
  • 3+ years of hands-on vulnerability management experience.
  • Demonstrated program ownership: VDP, attack surface management, or equivalent independently managed programs.
  • Proficiency with Tenable.sc and/or Tenable.io (scan configuration, report generation, false positive management).
  • Experience with CISA programs (VDP, FAST, BOD compliance) or equivalent federal cybersecurity initiatives.
  • Working knowledge of ServiceNow or equivalent ITSM platforms for ticket management.
  • Ability to produce clean, accurate SOPs, POA&Ms, and stakeholder-facing documentation.
  • Active security clearance or eligibility to obtain one preferred.
  • 3+ years of hands-on vulnerability management experience within a federal agency environment preferred.
  • Experience operating WebInspect, OpenText ScanCentral, or equivalent DAST/web application scanning tools.
  • Familiarity with Bugcrowd or other managed bug bounty platforms.
  • Experience with HSTS/HTTPS compliance monitoring aligned to BOD 18-01.
  • Active certifications: Security+, CEH, CISSP, CISM, or Certified Vulnerability Assessor (CVA).
  • Experience leading or co-leading standing meetings with federal stakeholders.
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or equivalent practical experience.

Benefits

Comp & perks
  • Health, Dental, and Vision Insurance
  • PTO
  • 401(k)
  • Remote work flexibility
  • Exposure to high-impact federal cybersecurity programs
  • Direct access to firm leadership and career development opportunities