Remote Vulnerability Management Jobs in Silver Spring, MD

Sr GRC Analyst

Herndon, VA · Remote

$98K - $129K/yr

26-May-2026 Senior GRC Engineering Analyst US (Remote) 10880BR Company Summary Built on 40 years of ... vulnerability management, container security, infrastructure-as-code, and CI/CD pipelines.

... vulnerability management, compliance tracking, or IT security support functions - Basic ... remote Minimum Requirements TCS039, T3, Band 6 EEO Statement Maximus is an equal opportunity ...

Security Engineer

Washington, DC · On-site +1

$40 - $48/hr

The role focuses on endpoint vulnerability management, risk assessment and mitigation, and clear communication with technical and non-technical stakeholders. You will collaborate with cross ...

Herndon, VA 20171 (Remote) Employment Type: FTE + Benefits Client is supporting the FedRAMP and ... vulnerability management capabilities. * Understand enterprise operating environments, including ...

FTE + Benefits Remote: 80% (4 days a week) Supports the FedRAMP and FISMA authorization(s) of new ... vulnerability management capabilities. * Understand enterprise operating environments, including ...

FTE + Benefits Remote: 80% (4 days a week) Client supports the FedRAMP and FISMA authorization(s ... vulnerability management capabilities. * Understand enterprise operating environments, including ...

... vulnerability management and compliance activities, including remediation coordination and ... Remote • Minimum Requirements TCS056, T2, Band 5 EEO Statement Maximus is an equal opportunity ...

This position is based in Washington, DC and may require a combination of on-site and remote ... Support vulnerability management activities throughout the software development lifecycle ...

... vulnerability management and compliance activities, including remediation coordination and ... Remote Minimum Requirements TCS056, T2, Band 5 EEO Statement Maximus is an equal opportunity ...

Remote Vulnerability Management information

How much do remote vulnerability management jobs pay per year?

As of Jun 11, 2026, the average yearly pay for remote vulnerability management in Silver Spring, MD is $142,398.00, according to ZipRecruiter salary data. Most workers in this role earn between $114,700.00 and $178,800.00 per year, depending on experience, location, and employer.

What are some typical challenges faced in a Remote Vulnerability Management role?

Professionals in Remote Vulnerability Management often encounter challenges such as coordinating remediation efforts across global teams, prioritizing vulnerabilities in large, complex environments, and keeping up with rapidly evolving cyber threats. Working remotely also requires proactive communication to ensure all stakeholders stay informed and aligned on security initiatives. You will need to adapt to different IT infrastructures and collaborate effectively with both technical and non-technical colleagues. Successfully navigating these challenges builds your problem-solving skills and deepens your expertise in protecting organizational assets.

What is a Remote Vulnerability Management job?

A Remote Vulnerability Management job involves identifying, assessing, and mitigating security vulnerabilities in an organization's systems, networks, and applications from a remote location. Professionals in this role use various tools to scan for weaknesses, analyze risks, and collaborate with IT and security teams to implement remediation measures. They also monitor threat intelligence, ensure compliance with security policies, and generate reports on findings. Strong knowledge of cybersecurity frameworks, vulnerability assessment tools, and risk management is crucial for success in this role.

What are the key skills and qualifications needed to thrive in the Remote Vulnerability Management position, and why are they important?

To thrive in Remote Vulnerability Management, you need a solid understanding of cybersecurity principles, vulnerability assessment, and risk mitigation, often supported by a degree in information security or related certifications such as CompTIA Security+ or CISSP. Familiarity with vulnerability scanning tools like Nessus, Qualys, or Rapid7, as well as experience with SIEM platforms and ticketing systems, is essential. Strong analytical skills, problem-solving abilities, and effective written communication are critical for collaborating with distributed teams and reporting findings. These skills ensure accurate identification, remediation of security risks, and smooth teamwork in a remote, fast-paced digital environment.

Infographic showing various Remote Vulnerability Management job openings in Silver Spring, MD as of June 2026, with employment types broken down into 83% Full Time, 6% Part Time, and 11% Contract. Highlights a 100% Remote job distribution, with an average salary of $142,398 per year, or $68.5 per hour.
Sr GRC Analyst

Deltek, Inc.

Herndon, VA • Remote

$98K - $129K/yr

Other

Medical, Life, Retirement, PTO

Posted 26 days ago


Job description

26-May-2026

Senior GRC Engineering Analyst

US (Remote)

10880BR

Company Summary

Built on 40 years of industry expertise, Deltek is a leading provider of ERP solutions for Government contractors of all sizes. And whether these firms call them a contract within the government contracting space, an engagement within professional services firms or refer to them as a project within the AEC space, these organizations share the same ultimate goal: to win and deliver successful projects. Deltek offers complete and integrated software solutions that connect and automate every stage of the project lifecycle, enhancing project intelligence, management and collaboration. With Deltek's industry-focused expertise and end-to-end visibility into project and financial performance, we empower businesses to make data-driven decisions, mitigate risks and deliver projects on time and within budget.

Position Responsibilities

As a Senior GRC Engineering Analyst, you will ensure Deltek's cloud environments and information systems meet security and compliance obligations by testing technical controls, supporting audits, and maturing core GRC services. To support Deltek's flagship GovCon products, you will partner with Cloud Operations, Product Security, Platform Delivery, and Security Operations to translate requirements into test procedures, produce audit-ready artifacts, and drive remediation.

  • Lead audits and assessments with a key focus on engineering, technical control design, and control implementation aligned to frameworks/programs such as NIST 800-53 Rev. 5, FedRAMP, CMMC, ISO 27001, PCI DSS, SOC 1, and SOC 2.
  • Test, validate, and document cloud control implementations across AWS, Azure, and OCI, including IAM, network segmentation, encryption/key management, logging/monitoring, vulnerability management, container security, infrastructure-as-code, and CI/CD pipelines.
  • Partner with Security Engineering, Cloud Engineering, DevOps, IT, and Product teams to translate compliance requirements into scalable, automated, and auditable technical controls.
  • Own assessment execution end-to-end, including scope definition, technical walkthroughs, control testing, evidence validation, issue tracking, remediation follow-up, and reporting.
  • Design, maintain, and improve audit-ready artifacts, including control narratives, test procedures, evidence mappings, technical diagrams, implementation documentation, and control validation results.
  • Facilitate technical walkthroughs with stakeholders and auditors; clearly explain control intent, system architecture, implementation details, evidence sources, and test results.
  • Identify control gaps, assess technical risk and business impact, and drive remediation to closure with accountable engineering and control owners.
  • Support continuous compliance through control automation, recurring evidence collection, control health monitoring, and integration with tools such as cloud security platforms, ticketing systems, SIEM, vulnerability management tools, and GRC platforms.
  • Own or support key GRC services, including policy lifecycle, risk management, FedRAMP continuous monitoring, POA&M management, customer due diligence, security questionnaires, and audit readiness, with a focus on process improvement and automation.
  • Build compliance metrics and reporting, including dashboards, scorecards, executive summaries, control health indicators, remediation trends, and audit readiness reporting.
  • Develop or support automation scripts, queries, workflows, or integrations to streamline evidence collection, control testing, compliance monitoring, and reporting.
  • Evaluate cloud services, system changes, and new technical implementations for compliance impact and advise teams on control requirements early in the design and deployment lifecycle.
  • Maintain strong working knowledge of cloud security architecture, identity and access management, secure SDLC, infrastructure-as-code, logging/monitoring, vulnerability management, encryption, and change management practices.

Success in the first 90 days looks like: You effectively support Cloud Operations, Product Security, Platform Delivery, and Security Operations by partnering with them to implement, validate, and improve the technical controls they own. You ensure control evidence, testing results, technical documentation, and supporting artifacts are complete, accurate, and audit-ready.

Qualifications

Required Qualifications:

  • 3+ years of experience in GRC engineering, cloud security or compliance, IT audit/ITGC, Security Operations (SecOps), internal audit, IT risk management, or related fields, with hands-on experience implementing, validating, and assessing security tooling and technical controls.
  • Bachelor's degree in Information Security, Computer Science, Informatics with Security, MIS, Engineering, or equivalent practical experience.
  • Experience assessing and validating controls in one or more major cloud platforms, including AWS, Azure, or OCI. Practical OCI experience is preferred.
  • Working knowledge of cloud security control areas such as IAM, logging and monitoring, encryption/key management, vulnerability management, network security, change management, secure SDLC, CI/CD, and infrastructure-as-code.
  • Experience partnering with engineering, security, cloud operations, or platform teams to collect evidence, validate control implementation, identify gaps, and support remediation.
  • Ability to review technical documentation, system configurations, screenshots, logs, tickets, diagrams, and other evidence to determine whether controls are operating effectively.
  • Familiarity with one or more security and compliance frameworks, such as NIST 800-53, FedRAMP, CMMC, ISO 27001, PCI DSS, SOC 1, or SOC 2.
  • Possess a security, audit, or cloud certification, such as CISA, CISSP, CCSK/CCAK, AWS, Azure, GCP, or OCI certification, or obtain one within 12 months. Candidates with relevant certification(s) already held are preferred.

US Citizenship is required for this position.

Core Competencies:
  • Excellent ability to:
    • Self-manage time and priorities while working with minimal direction and supervision.
    • Handle multiple competing priorities and projects.
    • Resolve business and technical roadblocks independently through structured problem-solving.
    • Think critically and apply strong analytical, written, verbal, and interpersonal communication skills.
  • Collaborate effectively in a team environment and take directions from senior-level staff.
  • Demonstrated initiative to learn through a combination of structured, on-the-job, and self-directed training.

Preferred Qualifications:
  • OCI experience.
  • ITAR and/or Government Cloud assessment experience.
  • Hands-on experience with FedRAMP and/or NIST 800-171, plus familiarity with CSA CCM and CIS Benchmarks.
  • Experience supporting or assessing secure software development in cloud environments (e.g., CI/CD, infrastructure as code, containers).

Career Interests

Legal

Compensation Info

The U.S. salary range for this position is $76,000.00-$134,000.00. This range is subject to change as Deltek takes a number of factors into consideration when determining individual base pay, such as location, job-related knowledge, skills and experience. Certain roles are eligible for additional rewards, including incentive compensation and equity.
Benefits and perks listed here may vary depending on the nature of employment with Deltek. Employees have access to healthcare benefits, a 401(k) plan and company match, paid vacation time and holidays, well-living programs, short-term and long-term disability coverage, basic life insurance and tuition reimbursement.

Position Type

FT

Travel Requirements

10%

Compliance Requirements

Certain roles may have additional privacy, security and compliance requirements to the extent they support Costpoint GCCM or similar product offerings.

EEO Statement

Deltek, Inc. is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.

E-Verify Statement

Deltek, Inc., utilizes the E-Verify program with every potential new hire. This makes it possible for us to make certain that every employee who works for Deltek is eligible to work in the United States. To learn more about E-Verify you can call 1-800-255-7688 or visit their website by clicking the logo below. E-Verify is a registered trademark of the United States Department of Homeland Security.

Applicant Privacy Notice

Deltek is committed to the protection and promotion of your privacy. In connection with your application for employment with us at Deltek, it is necessary for us to collect, store and use information about you ("Personal Data") to administer and evaluate your application. We are the "controller" of the Personal Data you provide us and will process any such Personal Data in accordance with applicable law and the statements contained in this Employment Candidate Privacy Notice. Additionally, we have not sold and do not sell Personal Data you provide to us through the job application process.

Job Expires

15-Apr-2027