1

Vulnerability Assessment Analyst Jobs (NOW HIRING)

Conduct vulnerability scans using ACAS (Tenable/Nessus), STIG Viewer, and related DoD-approved assessment tools. * Categorize and analyze vulnerabilities in accordance with NIST SP 800-53, DISA STIGs ...

Conduct vulnerability scans using ACAS (Tenable/Nessus), STIG Viewer, and related DoD-approved assessment tools. * Categorize and analyze vulnerabilities in accordance with NIST SP 800-53, DISA STIGs ...

Responsibilities Perform vulnerability assessments and security scanning across operating systems, databases, web applications, and enterprise infrastructure Analyze vulnerabilities and support ...

Responsibilities • Perform vulnerability assessments and security scanning across operating systems, databases, web applications, and enterprise infrastructure • Analyze vulnerabilities and ...

Overview SOSi is seeking a Risk and Vulnerability Analyst II to support vulnerability assessment and risk analysis activities in alignment with our customer. This role is responsible for conducting ...

Apply Early

next page

Showing results 1-20

Vulnerability Assessment Analyst information

See salary details

$15

$52

$73

How much do vulnerability assessment analyst jobs pay per hour?

As of Jul 3, 2026, the average hourly pay for vulnerability assessment analyst in the United States is $52.16, according to ZipRecruiter salary data. Most workers in this role earn between $38.22 and $62.74 per hour, depending on experience, location, and employer.

What are some common challenges a Vulnerability Assessment Analyst faces when collaborating with other IT teams?

A Vulnerability Assessment Analyst often works closely with network, systems, and application teams to identify and mitigate security risks. One common challenge is effectively communicating technical findings in a way that is understandable and actionable for non-security specialists. Additionally, prioritizing vulnerabilities based on business impact and coordinating remediation efforts across different teams can be complex, especially in large organizations. Building strong relationships and maintaining clear communication channels are key to overcoming these challenges and ensuring timely resolution of security issues.

What is the difference between Vulnerability Assessment Analyst vs Penetration Tester?

AspectVulnerability Assessment AnalystPenetration Tester
CertificationsCompTIA Security+, CEH, CISSP (preferred)OSCP, CEH, GPEN
Work EnvironmentConducts assessments within organizations' security teams, often in office settingsPerforms simulated attacks, often in controlled or client environments
Industry UsageUsed across various industries for identifying security weaknessesMore common in cybersecurity consulting and offensive security roles

While both roles focus on security vulnerabilities, Vulnerability Assessment Analysts primarily identify and report weaknesses, whereas Penetration Testers actively exploit vulnerabilities to test security defenses. The roles often overlap but differ in scope and approach, with Analysts focusing on assessment and reporting, and Penetration Testers on active exploitation.

What does a Vulnerability Assessment Analyst do?

A Vulnerability Assessment Analyst is responsible for identifying, evaluating, and prioritizing security vulnerabilities within an organization’s IT systems and networks. They use specialized tools to scan for weaknesses, analyze the results, and provide actionable recommendations to mitigate risks. Their work helps protect the organization from cyber threats by ensuring that vulnerabilities are addressed before they can be exploited. Additionally, they may assist in developing security policies, conducting penetration tests, and educating staff about security best practices.

What are the key skills and qualifications needed to thrive as a Vulnerability Assessment Analyst, and why are they important?

To thrive as a Vulnerability Assessment Analyst, you need a solid understanding of network security, risk assessment, and vulnerability management, often supported by a degree in cybersecurity or related field. Familiarity with tools like Nessus, Qualys, and Metasploit, as well as certifications such as CompTIA Security+ or CEH, is typically required. Strong analytical thinking, attention to detail, and effective communication skills help analysts identify, report, and explain vulnerabilities to technical and non-technical stakeholders. These qualifications are crucial for proactively identifying security risks and helping organizations protect their information assets from potential threats.
More about Vulnerability Assessment Analyst jobs
What cities are hiring for Vulnerability Assessment Analyst jobs? Cities with the most Vulnerability Assessment Analyst job openings:
What states have the most Vulnerability Assessment Analyst jobs? States with the most job openings for Vulnerability Assessment Analyst jobs include:
What job categories do people searching Vulnerability Assessment Analyst jobs look for? The top searched job categories for Vulnerability Assessment Analyst jobs are:
Infographic showing various Vulnerability Assessment Analyst job openings in the United States as of June 2026, with employment types broken down into 79% Full Time, 17% Part Time, and 4% Contract. Highlights an 94% Physical, 1% Hybrid, and 5% Remote job distribution, with an average salary of $108,489 per year, or $52.2 per hour.

Vulnerability Assessor

asrcfh

Alexandria, VA • Hybrid

Other

Posted 22 days ago


Job description

Vulnerability Assessor

Location: Alexandria, VA (Hybrid – Telework with periodic on-site support as required)
Clearance: Active Secret


Position Overview

ASRC Federal is seeking a Vulnerability Assessor to support the Department of War Education Activity (DoWEA) Enterprise Cyber Program. The Vulnerability Assessor will identify, analyze, and track system vulnerabilities to strengthen the organization’s cybersecurity posture and ensure compliance with DoD Risk Management Framework (RMF) requirements. This role supports Continuous Monitoring (ConMon) activities and works closely with cybersecurity and system teams to enhance DoWEA’s enterprise-wide security operations.


Responsibilities
  • Conduct vulnerability scans using ACAS (Tenable/Nessus), STIG Viewer, and related DoD-approved assessment tools.

  • Categorize and analyze vulnerabilities in accordance with NIST SP 800-53, DISA STIGs, and DoDI 8510.01 (RMF).

  • Collaborate with Information System Security Managers (ISSMs), Information System Security Officers (ISSOs), and system administrators to track remediation and update Plans of Action and Milestones (POA&Ms).

  • Prepare and maintain vulnerability assessment reports and risk summaries for leadership.

  • Support RMF Steps 3–6 and Continuous Monitoring documentation within eMASS.

  • Research and evaluate emerging technologies to identify new or evolving risks and recommend mitigation strategies.


Basic Qualifications
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related discipline (four additional years of equivalent experience may substitute).

  • Minimum 5+ years of cybersecurity or vulnerability management experience.

  • Active DoD Secret clearance

  • DoD 8570.01-M IAT Level II certification (e.g., Security+ CE, CySA+, CCNA-Security).

  • Hands-on experience with ACAS (Tenable/Nessus) and STIG compliance tools.

  • Strong analytical, documentation, and communication skills.

  • Working knowledge of vulnerability scanning, risk assessment methodologies, and remediation tracking.


Preferred Qualifications
  • Familiarity with DoW (DoD) RMF, eMASS, and DISA STIG/SRG compliance.

  • Understanding of NIST SP 800-53, CNSSI 1253, and DoDI 8510.01 frameworks.

  • Knowledge of common cybersecurity threats, exploits, and attack vectors.

  • Experience supporting federal or DoD IT environments.

  • Positive, proactive approach and ability to collaborate effectively across remote and on-site teams.