Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
K2United

Mid-Level Vulnerability Management Engineer

K2United

Vulnerability Management Engineer resolving security vulnerabilities for federal health-sector clients. Supporting enterprise scanning, remediation, and collaboration in a mission-driven environment.

Posted 7/17/2026contractRemote • Maryland • 🇺🇸 United StatesMid-LevelSenior💰 $80,000 - $105,000 per yearWebsite

Core Competencies

Role fit
Core Competencies

Use this summary to align your resume positioning with the role.

Demonstrates expertise in vulnerability management, including conducting comprehensive scans and providing actionable remediation guidance. Proficient in analyzing vulnerabilities and ensuring compliance with federal standards and directives.

Highest-signal resume keywords
Vulnerability ManagementEnterprise Scanning PlatformsCredentialed ScanningCISA KEV CatalogNIST SP 800-53

ATS Keywords

Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills
Vulnerability ScanningRisk AnalysisRemediation TrackingNetwork Architecture AnalysisDatabase Vulnerability Scanning
Soft Skills
Analytical SkillsOrganizational SkillsCommunication Skills
Tools & Technologies
Tenable.scNessusQualysRapid7
Industry Keywords
High Value Asset (HVA)FISMAFederal Background InvestigationCISA Binding Operational Directives

About the role

Key responsibilities & impact
  • Manage, operate, and maintain vulnerability-management infrastructure capable of performing credentialed scans across approved client-managed systems, devices, and applications.
  • Perform host-based, network-based, application, and database vulnerability scanning and deliver actionable remediation guidance.
  • Analyze scan results and network architecture to identify the highest-risk vulnerabilities and recommend appropriate mitigation steps.
  • Conduct specialized assessments for High Value Assets (HVAs) and other designated systems, ensuring reports meet HVA requirements.
  • Support the implementation, operation, and maintenance of vulnerability-management projects within client's Information Security Project Dashboard.
  • Alert technical points of contact to risks posed by vulnerabilities, missing assets, configuration errors, and unauthorized software or hardware.
  • Escalate critical vulnerabilities within 24 hours and track remediation to closure in accordance with applicable federal, department, and agency policy and contractual remediation timelines.
  • Monitor the CISA Known Exploited Vulnerabilities (KEV) Catalog and other authoritative sources to support timely remediation and compliance with applicable Binding Operational Directives.
  • Coordinate with program areas and system owners to prioritize mitigation steps, including end-user mitigation activities when needed.
  • Provide risk analysis for identified vulnerabilities and system change requests.
  • Drive findings to verified closure through ticketed workflows, coordinating with the separate technical teams that perform system patching, and validate remediation through authenticated re-scans with recorded evidence.
  • Maintain regular communication with client and department stakeholders to support collaboration, process improvement, tool tuning, information sharing, and compromise response.
  • Monitor government and private-sector vulnerability sources to identify emerging risks that may affect client-managed systems.
  • Contribute to vulnerability management reporting and ad hoc compliance deliverables supporting department, DHS, and FISMA requirements.

Requirements

What you’ll need
  • Bachelor's degree in a related field, or equivalent experience as allowed by company and contract policy.
  • Five or more years of hands-on enterprise vulnerability management and scanning experience.
  • Experience administering enterprise scanning platforms such as Tenable.sc, Nessus, Qualys, Rapid7, or similar tools.
  • Experience performing credentialed scanning at scale across hybrid environments.
  • Experience with host-based, network-based, application, and database vulnerability scanning.
  • Direct experience tracking and remediating vulnerabilities against the CISA KEV Catalog and CISA Binding Operational Directives 22-01 and 26-04, successor directives.
  • Familiarity with High Value Asset (HVA) assessment requirements.
  • Working knowledge of NIST SP 800-53 Rev. 5, FISMA, and FIPS 199.
  • Strong analytical, organizational, and communication skills with the ability to work effectively across technical and government stakeholders.
  • Ability to meet federal background investigation requirements.

Benefits

Comp & perks
  • 401(k) with employer matching
  • Low-cost medical coverage for employees and their families
  • Paid time off
  • Paid leave for jury duty, military service, voting, and other qualifying events
  • Wellness stipend, including fitness reimbursement
  • Tuition assistance
  • Casual work environment
  • Technical training and certification support
  • Complimentary access to CareerSafe online training courses for employees and their immediate family