
Nessus Jobs (NOW HIRING)

Conduct vulnerability scans using Tenable Nessus * Prioritize/analyze findings, coordinate remediation * Map threats/vulnerabilities to MITRE ATT&CK framework Threat Intelligence * Collect/analyze ...

MUST be a US Citizen and ONLY hold US citizenship (No Dual Citizens) * Familiarity with standard industry tools like Splunk, Crowdstrike, Nessus, etc. Summary: The main function of an IT Security ...

Site Reliability Engineer

Aurora, CO · On-site

$57.75 - $77/hr

... Nessus, Jira, or Confluence • Knowledge of patching and hardening systems • TS/SCI clearance with a polygraph • HS diploma or GED • Ability to obtain a Security+ CE, SSCP, CCNA-Security, or ...


Nessus information

$33.5K

$137.7K

$174K

How much do Nessus jobs pay per year?

As of Jul 4, 2026, the average yearly pay for Nessus in the United States is $137,745.00, according to ZipRecruiter salary data. Most workers in this role earn between $111,000.00 and $173,000.00 per year, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Cybersecurity professionals, including those working with tools like Nessus, can potentially earn $200,000 or more annually, especially with advanced skills, certifications (such as CISSP or CEH), and experience in high-demand roles or management positions. Salaries vary based on location, industry, and job responsibilities, but reaching this level is achievable for senior or specialized roles in the field.

What is a Tenable job?

A Tenable job typically refers to a position involving the use of Tenable's cybersecurity products, such as Nessus, for vulnerability assessment and management. These roles often require knowledge of network security, vulnerability scanning, and may involve certifications like CISSP or CompTIA Security+.

What is a Nessus job?

A Nessus job typically involves using Tenable's Nessus vulnerability scanner to assess network security by identifying weaknesses, misconfigurations, and vulnerabilities in systems. Security professionals in this role configure and run scans, analyze results, and provide remediation recommendations to improve cybersecurity posture. Nessus jobs are commonly held by penetration testers, security analysts, and IT administrators responsible for maintaining secure environments.

What does Nessus do?

Nessus is a vulnerability assessment tool used by cybersecurity professionals to scan networks, systems, and applications for security weaknesses. A job involving Nessus typically requires knowledge of network security, vulnerability management, and familiarity with the tool's scanning and reporting features.

What are the key skills and qualifications needed to thrive in the Nessus position, and why are they important?

To thrive as a Nessus Vulnerability Analyst, you need a strong foundation in cybersecurity principles, vulnerability assessment, and network security protocols, often demonstrated by a degree in computer science or a related field. Experience with the Nessus vulnerability scanner, familiarity with security frameworks (like CIS or NIST), and relevant certifications such as CompTIA Security+ or CEH are highly valued. Attention to detail, analytical thinking, and strong written communication are important soft skills for accurately reporting findings and collaborating with IT teams. These competencies are crucial for effectively identifying, analyzing, and mitigating security risks within an organization.

What company owns Nessus?

Nessus is a vulnerability assessment tool developed by Tenable, Inc. Tenable is a cybersecurity company that specializes in vulnerability management solutions. The company owns and maintains Nessus as part of its product portfolio.

What does a typical day look like for someone working as a Nessus Vulnerability Analyst?

As a Nessus Vulnerability Analyst, your day typically involves conducting vulnerability scans across various network assets, interpreting the resulting reports, and prioritizing the remediation of identified risks. You’ll collaborate closely with IT and security teams to follow up on critical findings, document remediation steps, and ensure compliance with organizational policies. Regular communication with stakeholders is essential, as you’ll provide updates and recommendations based on current threat landscapes. This role offers the opportunity to continuously learn about emerging security threats and technologies while directly contributing to your organization’s cyber defense posture.

Infographic showing various Nessus job openings in the United States as of June 2026, with employment types broken down into 75% Full Time and 25% Temporary. Highlights a 75% In-person and 25% Remote job distribution, with an average salary of $137,745 per year, or $66.2 per hour.

IA Engineer - Senior

DecisionPoint | Cortek

Scott Air Force Base, IL • On-site

Full-time

Posted 25 days ago


Job description

Overview
DecisionPoint seeks an Information Assurance Engineer - Senior to provide cybersecurity, compliance, and risk management support for Global Information Technology Support Services supporting the Military Surface Deployment and Distribution Command (SDDC) Deputy Chief of Staff for Information Management (G6). This position supports the security, assessment, authorization, monitoring, and compliance of SDDC information systems across classified and unclassified enterprise environments.
The Senior Information Assurance Engineer will provide experienced support for Risk Management Framework activities, eMASS documentation, vulnerability management, STIG compliance, POA&M tracking, cyber compliance reporting, and incident response. The role requires strong experience supporting secure DoD environments and coordinating cybersecurity activities across technical teams, Government stakeholders, ISSOs, ISSMs, system administrators, and program personnel.
This position is located at HQ SDDC, Scott Air Force Base, Illinois.
Note: By applying to this position, you acknowledge and consent to having your resume included in an active competitive government contract bid.
Duties & Responsibilities
The Senior Information Assurance Engineer will:
  • Provide senior-level cybersecurity and information assurance support for SDDC systems, networks, and cloud-hosted business systems.
  • Support RMF activities for the HQ SDDC Installation Campus Network and assigned business systems throughout the authorization lifecycle.
  • Develop, review, update, and maintain RMF documentation, security artifacts, control implementation details, authorization packages, and supporting technical documentation.
  • Maintain cybersecurity records in eMASS, including authorization status, control posture, assessment results, POA&Ms, system changes, and related artifacts.
  • Support continuous monitoring through control assessments, change documentation, risk assessments, impact analysis, and security/privacy posture reporting.
  • Lead or support vulnerability management, including analysis of ACAS, Nessus, SCAP, Fortify, STIG, IAVM, and other security findings.
  • Develop, maintain, and track POA&Ms for vulnerabilities, RMF findings, STIG findings, IAVMs, and other compliance items.
  • Support vulnerability reporting and remediation coordination, including weekly Vulnerability Index reporting and tracking of open Nessus or IAVM findings.
  • Monitor STIG compliance, review manual and automated results, validate findings, and map STIG findings to applicable RMF controls.
  • Support Cyber Tasking Order compliance, cyber scorecard reporting, audit support, compliance tracking, and cybersecurity posture reporting.
  • Review firewall, whitelist, PPSM, and related cybersecurity compliance requests and provide recommendations to Government cybersecurity leadership.
  • Support incident response by reviewing suspicious activity, researching potential incidents, and assisting with response, containment, eradication, and recovery.
  • Administer, configure, maintain, and report on cybersecurity tools such as HBSS, ACAS, Nessus/Security Center, SolarWinds SEM, McAfee NSM, IDS sensors, Splunk, LogRhythm, or comparable tools.
  • Coordinate cybersecurity activities with ISSOs, ISSMs, system administrators, network engineers, program offices, functional managers, and Government stakeholders.
  • Maintain accurate compliance records, trackers, reports, technical documentation, and audit artifacts for inspections, assessments, authorizations, and Government reporting.
  • Ensure cybersecurity activities comply with applicable DoD, Army, USTRANSCOM, SDDC, RMF, STIG, information assurance, and incident handling requirements.

Qualifications
Clearance Requirement:
  • Must hold an active Secret clearance.
  • Must be eligible to obtain and maintain required Common Access Card (CAC), facility access, system access, and Government network access.

Education:
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or a related technical discipline.

Experience:
  • Minimum 8 years of experience supporting cybersecurity, information assurance, RMF, vulnerability management, or compliance activities within DoD or federal environments.
  • Experience supporting RMF authorization activities, system security documentation, control assessment, continuous monitoring, and ATO package development.
  • Experience using eMASS to maintain RMF packages, document controls, track POA&Ms, update authorization information, and support assessment activities.
  • Experience reviewing vulnerability scan results and coordinating remediation using tools such as ACAS, Nessus, SCAP, Fortify, or comparable DoD-approved scanning tools.
  • Experience supporting DISA STIG compliance, including checklist review, finding validation, remediation coordination, and audit documentation.
  • Experience developing, updating, and tracking POA&Ms for RMF controls, vulnerabilities, IAVMs, cyber findings, and compliance gaps.
  • Experience supporting incident response, suspicious activity reporting, cyber compliance reporting, cyber scorecards, and coordination with ISSO, ISSM, or cybersecurity leadership.
  • Experience coordinating cybersecurity activities across technical teams, Government stakeholders, and program personnel in mission-focused environments.

Technical Knowledge:
  • Knowledge of DoD cybersecurity policies, RMF, eMASS, DISA STIGs, POA&M management, IAVM compliance, continuous monitoring, and vulnerability management processes.
  • Familiarity with cybersecurity tools such as ACAS, Nessus/Security Center, SCAP, HBSS, McAfee security tools, IDS sensors, Splunk, SolarWinds SEM, LogRhythm, or comparable tools.
  • Understanding of cyber compliance reporting, Cyber Tasking Orders, cyber scorecards, vulnerability index reporting, audit support, and authorization package maintenance.
  • Knowledge of system security documentation, assessment procedures, control inheritance, ATO conditions, risk assessments, and security control validation.
  • Understanding of secure configuration management, system hardening, patching, incident handling, firewall compliance, whitelist review, and PPSM requirements.
  • Ability to assess technical findings, evaluate operational risk, and recommend practical remediation actions to Government and technical stakeholders.

Certifications (Preferred):
  • Must hold applicable DoD 8140 / 8570 cybersecurity workforce baseline certification as required for the position.
  • Must meet applicable PWS IA baseline and computing environment certification requirements, as validated against the DD254 and final RFP.
  • Security+ CE, CySA+, CASP+, CISSP, or other DoD-approved cybersecurity certification preferred, depending on final labor category and access requirements.

Skills:
  • Strong analytical and problem-solving skills in cybersecurity and compliance-driven environments.
  • Ability to lead cybersecurity documentation, assessment, remediation, and reporting activities with minimal oversight.
  • Strong attention to detail when reviewing RMF controls, STIG checklists, vulnerability findings, POA&Ms, and audit artifacts.
  • Ability to coordinate effectively with system administrators, network engineers, cybersecurity staff, Government stakeholders, and technical leads.
  • Strong written and verbal communication skills for reporting risks, findings, remediation status, compliance posture, and recommendations.
  • Commitment to protecting DoD information systems, supporting mission assurance, and maintaining continuous cybersecurity compliance.

Our Equal Employment Opportunity Policy
  • EEO and Affirmative Action Policy: DecisionPoint Corporation is an Equal Employment Opportunity and Affirmative Action employer. It is the policy of DecisionPoint Corporation to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local laws.
  • Pay Transparency Policy: In accordance with Presidential Executive Order 13665, DecisionPoint Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.
  • Authorization to Share Resume and Personal Information: By expressing your interest and submitting your resume for this position, you authorize DecisionPoint Corporation to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should DecisionPoint Corporation or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.