ZipRecruiter

Log In

1

Scan Analyst Jobs in Virginia (NOW HIRING)

Sprouts Farmers Market

Back up Scan

Leesburg, VA ยท On-site

Must have strong analytical and organizational skills in order to analyze total scanning programs, and to properly maintain necessary reports and schedules, and be able to understand and effectively ...

Sprouts Farmers Market

Back up Scan

Leesburg, VA ยท On-site

Must have strong analytical and organizational skills in order to analyze total scanning programs, and to properly maintain necessary reports and schedules, and be able to understand and effectively ...

Sprouts Farmers Market

Back up Scan

Haymarket, VA ยท On-site

Must have strong analytical and organizational skills in order to analyze total scanning programs, and to properly maintain necessary reports and schedules, and be able to understand and effectively ...

Sprouts Farmers Market

Back up Scan

Haymarket, VA ยท On-site

Must have strong analytical and organizational skills in order to analyze total scanning programs, and to properly maintain necessary reports and schedules, and be able to understand and effectively ...

Sprouts Farmers Market

Back up Scan

Leesburg, VA ยท On-site

Must have strong analytical and organizational skills in order to analyze total scanning programs, and to properly maintain necessary reports and schedules, and be able to understand and effectively ...

Sprouts Farmers Market

Back up Scan

Haymarket, VA ยท On-site

Must have strong analytical and organizational skills in order to analyze total scanning programs, and to properly maintain necessary reports and schedules, and be able to understand and effectively ...

ManTech

Senior Cyber Security Analyst

Virginia Beach, VA

$94K - $122K/yr

Proficiency with ACAS/Nessus vulnerability scanning, analysis, and remediation of findings from ... DISA STIGs, SRGs, and SCAP Preferred Qualifications: * Familiarity with network topology ...

DANE LLC

Vulnerability Management Analyst

Chantilly, VA ยท Hybrid

$70K - $85K/yr

We are seeking a Vulnerability Management Analyst (Tenable/Nessus & Metrics ) to support ... Run authorized Tenable/Nessus scans using credentialed scan profiles and review exports to identify ...

Sprouts Farmers Market

Back up Scan

Leesburg, VA ยท On-site

$18.50 - $25/hr

Must have strong analytical and organizational skills in order to analyze total scanning programs, and to properly maintain necessary reports and schedules, and be able to understand and effectively ...

Sprouts Farmers Market

Back up Scan

Haymarket, VA

$18 - $24.50/hr

Must have strong analytical and organizational skills in order to analyze total scanning programs, and to properly maintain necessary reports and schedules, and be able to understand and effectively ...

Apavo Corporation

Cybersecurity Analyst

Oakton, VA ยท On-site

Vulnerability, R&D & Directive Scanning: Execute and analyze credentialed and non-credentialed vulnerability scans. Tailor scan zones, profiles, and asset lists to ensure 100% visibility while ...

New

next page

Showing results 1-20

All JobsScan Analyst JobsScan Analyst Jobs in Virginia

Scan Analyst information

See Virginia salary details

$36.2K

$96.8K

$226.5K

How much do scan analyst jobs pay per year?

As of Jun 12, 2026, the average yearly pay for scan analyst in Virginia is $96,822.00, according to ZipRecruiter salary data. Most workers in this role earn between $54,500.00 and $110,000.00 per year, depending on experience, location, and employer.

How does a Scan Analyst typically collaborate with other departments within a retail organization?

Scan Analysts play a key role in ensuring pricing accuracy and inventory integrity across the organization. They regularly collaborate with the merchandising and IT departments to update product information, resolve discrepancies, and implement promotions efficiently. Additionally, Scan Analysts often work closely with store managers and front-end staff to troubleshoot issues with point-of-sale systems and barcode scanning. Effective communication and teamwork are essential in this role to maintain seamless store operations and support business objectives.

What are the key skills and qualifications needed to thrive as a Scan Analyst, and why are they important?

To thrive as a Scan Analyst, you need strong analytical abilities, attention to detail, and experience with inventory management or retail systems, often backed by a relevant associate degree or retail experience. Familiarity with point-of-sale (POS) systems, data analysis software, and retail pricing tools such as NCR or IBM is typically required. Excellent organizational skills, problem-solving, and effective communication help Scan Analysts ensure pricing accuracy and collaborate with store teams. These skills are crucial for maintaining data integrity, minimizing pricing errors, and supporting efficient retail operations.

What is a Scan Analyst?

A Scan Analyst is a professional responsible for managing, interpreting, and analyzing data collected from scanning equipment, such as barcode scanners, MRI scanners, or document imaging systems. Their duties often include ensuring the accuracy and quality of scanned data, troubleshooting technical issues, and generating reports for internal use. Scan Analysts may work in various industries, including retail, healthcare, logistics, and document management, depending on the type of scanning technology utilized. They typically collaborate with IT staff, data analysts, and operational teams to optimize scanning processes and maintain data integrity.

What is the difference between Scan Analyst vs Data Analyst?

AspectScan AnalystData Analyst
Required CredentialsTypically certifications in imaging, scanning, or specific industry toolsOften requires degrees or certifications in statistics, data analysis, or related fields
Work EnvironmentHealthcare, security, or manufacturing settings involving scanning equipmentOffice environments, analyzing large datasets across various industries
Employer & Industry UsageHospitals, security firms, manufacturing companiesBusiness, finance, marketing, healthcare sectors

While both roles involve analyzing information, a Scan Analyst focuses on interpreting data from scanning devices, whereas a Data Analyst works with broader datasets to generate insights across multiple industries.

What are popular job titles related to Scan Analyst jobs in Virginia? For Scan Analyst jobs in Virginia, the most frequently searched job titles are:
What job categories do people searching Scan Analyst jobs in Virginia look for? The top searched job categories for Scan Analyst jobs in Virginia are:
Scan Analyst jobs near you
Infographic showing various Scan Analyst job openings in Virginia as of June 2026, with employment types broken down into 100% Full Time. Highlights an 60% In-person, and 40% Hybrid job distribution, with an average salary of $96,822 per year, or $46.5 per hour.
Cyber Security Analyst Level II

Cyber Security Analyst Level II

Blackwatch International

Mclean, VA โ€ข On-site

Full-time

Posted 14 days ago

Job description

Blackwatch International Corporation (Blackwatch) is a small business founded in 2010 and dedicated to supporting Federal business and national security objectives. Our headquarters are in McLean, VA, with satellite offices in Sacramento, CA.

Blackwatch invests in innovation and quality for our customers and staff, holding corporate-level ISO 9001:2015, ISO/IEC 27001:2013, and ISO/IEC 20000-1:2018 and CMMI Level 3 certifications. We are a leading provider of information technology (IT) infrastructure, cybersecurity, DevSecOps, data exploitation, and engineering services, specializing in large and complex projects. Blackwatch is dedicated to growth and offers a dynamic working environment with multiple opportunities for advancement.

Position Description: Possesses and applies a comprehensive knowledge across key tasks and high impact assignments. Plans and leads major technology assignments. Evaluates performance results and recommends major changes affecting short-term project growth and success. Functions as a technical expert across multiple project assignments. May supervise others.

Position Title: Cyber Security Analyst Level II

Position Location: On-site in Alexandria, VA; remote (if authorized)

Position Type: Regular

Years of experience: 5

Security Clearance: Public Trust

US Citizenship Required: Yes, must have Real ID

Summary

The scope of work for effort includes infrastructure Hosting (On-premise internal cloud only) โ€“ Compute support provides vital services in the provision and maintenance of those resources through a focus on the workflows and methodologies of how compute is created, maintained, and recaptured to deliver timely compute resources to customers, faster, and right sized while ensuring products stay secure and stable. Compute services provide engineering, and security and operations maintenances support for Server Operating Systems, as well as, requirements analysis and design, to ensure adherence to standards & policies for any USPTO Product or Component.

Objectives: Security OperationsInformation Assurance, RMF A&A, and documentation
  • Combined scope: Provide NIST-based IA governance, full RMF A&A lifecycle support (Categorize โ†’ Authorize โ†’ Monitor), and produce/update required artifacts (SSP, PTA/PIA, CAW, FIPS-199, PIAs, Contingency Plans, and associated A&A artifacts where applicable).
  • Rationale: RMF activities and IA documentation are tightly coupledโ€”same knowledge, same deliverables.
  • Acceptance criteria / metrics: SSP and associated artifacts updated within 30 calendar days of change; A&A artifacts produced for all major systems within 5 business days when requested.
Vulnerability & Configuration Management (KEV handling and scan tuning)
  • Combined scope: Perform vulnerability/compliance scan analysis, false-positive validation, REGEX/signature tuning, root-cause analysis, prioritization (KEV-first), and feed findings into POA&Ms and remediation actions. Track vulnerability lifecycle to ensure vulnerability closure โ‰ค180 days unless exception approved.
  • Rationale: Scan analysis, signature tuning, and KEV remediation are one continuous remediation workflow.
  • Acceptance criteria / metrics: Help ensure at least 50% of KEVs remediated by associated CISA deadlines; For non-KEVs help ensure vulnerabilities are closed within timeframes dictated in the Vulnerability Management Policies; false-positive suppression documented with expiry.
Baseline Management and Hardening
  • Combined scope: Maintain and update security configuration baselines for OS/network/middleware/databases; align with CIS/STIG/DISA; perform impact analysis and coordinate deployment of baseline changes with the OCISO Enterprise Scan Team. Time to notify OCISO Enterprise Scan Team should be within 15 calendar days of security configuration baseline release.
  • Rationale: Baseline creation, STIG/CIS adoption, and coordination with scanning are the same change management activity.
  • Acceptance criteria / metrics: Security Configuration Baselines should be at least 90% compliant to the associated DISA or CIS benchmark; time-to-deploy new benchmark โ‰ค 45 calendar days from approved release to OCISO scan policy change.
Identity, Privileged Access, and DHS CDM Initiatives
  • Combined scope: Implement and support IdAM (e.g., Okta), Privileged Access Management (CAPAM or equivalent), and CDM program technical integration; produce integration runbooks and control evidence.
  • Rationale: IdAM, PAM, and CDM are identity/credential posture functions that share controls and evidence requirements.
  • Acceptance criteria / metrics: Integration runbook delivered; % of highโ€‘risk privileged accounts under vaulting/policy; CDM dashboard metrics updated per schedule.
Cloud Security and Cloud A&A
  • Combined scope: Support RMF/FedRAMP-tailored A&A for cloud systems, produce cloud responsibility/control matrices, collect cloud-native evidence, and maintain continuous monitoring for cloud environments.
  • Rationale: Cloud A&A and cloud control mapping are a single domain of work and require different deliverables but the same ownership.
  • Acceptance criteria / metrics: Cloud A&A packages
Security Operations, Tooling, and Automation
  • Combined scope: Operate and integrate scanners and security tools (Tenable/DBProtect/HP WebInspect, CSAM repo), maintain detection rules and regex for signatures, provide scripting support (Linux/Windows/Python/PowerShell), and integrate network devices (Cisco/Juniper) and IPv6 assessments.
  • Rationale: Tool operations, automation, tunings, and scripting are continuous SOC/scan support functions.
  • Acceptance criteria / metrics: Tools and scans run per schedule; automation scripts stored in repo with versioning; mean time to validate scan findings. Assist Product Teams to integrate with Reference Pipeline.
POA&M Management, Remediation Coordination, and Knowledge Transfer
  • Combined scope: Maintain POA&M lifecycle (intakeโ†’assignโ†’remediateโ†’verifyโ†’close), provide remediation planning and translation for technical leads, and deliver training and job aids for sustainment.
  • Rationale: POA&M administration and knowledge transfer are part of remediation operations and change acceptance.
  • Acceptance criteria / metrics: POA&M aging distribution; 60% POA&Ms closed on schedule; number of training sessions and job aids delivered.
Incident Response Support and Enterprise Operations Command Center (EOCC) Coordination
  • Combined scope: Provide incident triage, forensic collection guidance, containment/eradication support, and follow-up lessons learned that feed POA&Ms and baselines.
  • Rationale: Incident response is discrete but tightly linked to remediation and baseline updates.
  • Acceptance criteria / metrics: Rally artifact coverage for security work; sprint predictability and throughput metrics; At least 90% data call submission timeliness.
Agile Delivery, Reporting, and Data Calls
  • Combined scope: Provide Scrum Master services, create Rally artifacts for POA&M and remediation work, manage sprints/epics/stories, and support USPTO data calls with timely, quality submissions and SME coordination.
  • Rationale: Agile management, reporting, and data-call delivery are governance and transparency functions supporting technical work.
  • Acceptance criteria / metrics: Rally artifact coverage for security work; sprint predictability and throughput metrics; At least 90% data call submission timeliness.
Compliance & External Directives Impact Assessment
  • Combined scope: Monitor and assess DHS/OMB memos, CISA BODs, and other directives; map to controls and operational actions; track and report compliance status and exceptions.
  • Rationale: Agile management, reporting, and data-call delivery are governance and transparency functions supporting technical work.
  • Acceptance criteria / metrics: New BOD/memo assessed within 15 calendar days; compliance register updated; exceptions documented and approved.
Responsibilities:

Lead a small team, focused on security services and solutions in support of the ten objectives listed above. The manager will take responsibility for:

  • Developing the Project Management plans and other contract documents
  • Directing the day-to-day efforts of technical personnel.
  • Ensuring the quality of deliverables: cyber documentation, software, engineering and testing plans, or network installations.
  • Monitors activities under the contract to ensure that all activities are executed in accordance with contract requirements and the CORโ€™s direction.

Minimum Qualifications:

Possesses and applies expertise on multiple complex work assignments. Assignments may be broad in nature, requiring originality and innovation in determining how to accomplish tasks. Operates with appreciable latitude in developing methodology and presenting solutions to problems. Contributes to deliverables and performance metrics where applicable. Experience across the following is required:

  • Support of Operations Security and Remediation Teamโ€™s role providing technical advice and National Institute of Standards and Technology (NIST) based information assurance governance guidance.
  • Strong Knowledge of the NIST Risk Management Framework (RMF) to perform technical support for annual Assessment and Authorization (A&A) security assessments performed by Office of the Chief Information Security Officer (OCISO).
  • Strong Understanding of all the NIST RMF Assessment and Authorization (A&A) documents and how to use the following but not limited to: Privacy threshold analysis (PTA), Privacy Impact Assessment (PIA), Control Assessment Worksheet (CAW), E-Auth, FIPS 199.
  • Transfer of Knowledge on managing Plans of Actions and Milestones (POA&Ms) for weakness remediation.
  • Strong Knowledge of the Department of Homeland Security (DHS) and the Office of Management and Budget (OMB) memo/Binding Operational Directives (BODs) impact assessment.
  • Group to develop, update, and manage, cybersecurity documentation: System Security Plans, Privacy Assessments, Contingency Plans, Federal Information Processing Standard Publication 199 (FIPS-199) categorization changes Security Impact Assessments, etc.
  • Perform Technical support for Department of Homeland Security (DHS) initiatives that require implementation (such as Continuous Diagnostics and Mitigation (CDM) using Okta and Certificate Management-Privileged Access Management (CA-PAM).
  • Analyze vulnerability and compliance scans for false positive identification and evaluate in terms of operational system data in coordination with Product Team Leads.
  • Track and establish cause of vulnerabilities that are precise but no more than 180 days.
  • Review/Update/Create system security configuration baselines โ€“ revise as necessary as the Center for Internet Security (CIS) and Security Technical Implementation Guides (STIG).
  • benchmarks are updated and coordinate changes with associated OCISO Enterprise Scan Teamโ€™s compliance configurations upon three days of release.
  • Support teams to define and prioritize actionable timely recommendations for addressing compliance and vulnerability issues for network, operating systems, middleware, databases, and application. With experience leading remediation of Known Exploitable Vulnerabilities (KEVs).
  • Strong Understanding of the Federal Information Security Modernization Act (FISMA) systems, and National Institute of Standards and Technology (NIST) controls and support on how to implement them โ€“ potentially how to automate them whether through process, NIST OSCAL programming or other common scripting languages (e.g. Python).
  • In depth knowledge with networking, operating system, and middleware builds (configuration baselines).
  • In depth knowledge with CLOUD and Federal Information Security Management Act (FISMA) processes to include customer control metrics security tools and options.
  • Provide support with the Regular Expression (REGEX) for understanding/editing scan signatures.
  • Provide support, oversight, review, log data, network operation and security, and analysis for the following but not limited to: Scripting for Linux, Windows, Tenable, DBProtect, HP WebInspect, CSAM (the official cybersecurity repository), Juniper, CISCO, advance tools, IPv6.
  • Cloud security: to manage Assessment and Authorization (A&A) work for those systems
  • Use Rally to manage Epics, Features, and User Stories; provide Scrum Master services to create Rally artifacts and Agile documentation; translate Plan of Action and Milestones (POA&M) findings into clear, actionable guidance for technical leads and track remediation progress in Rally.
  • Supporting USPTO Data Calls and ensuring timely and completed submission, collaborating with subject matter experts.
  • Support incident response activities with Enterprise Operations Command Center.
  • Support new tools as required.

Desired Qualifications (not required, but a huge plus):

  • Experience with Rally and agile ceremonies.
  • Python coding
  • Experience using the Cybersecurity Asset Management (CSAM) system for customer base.