1

Vulnerability Assessment Jobs (NOW HIRING)

Conduct vulnerability scans using ACAS (Tenable/Nessus), STIG Viewer, and related DoD-approved assessment tools. * Categorize and analyze vulnerabilities in accordance with NIST SP 800-53, DISA STIGs ...

Conduct vulnerability scans using ACAS (Tenable/Nessus), STIG Viewer, and related DoD-approved assessment tools. * Categorize and analyze vulnerabilities in accordance with NIST SP 800-53, DISA STIGs ...

$198K/yr

Vulnerability Assessment Analyst The Opportunity: Join a mission-driven team supporting the Army by delivering reliable, secure, and high-quality cybersecurity services that directly impact readiness ...

next page

Showing results 1-20

Vulnerability Assessment information

See salary details

$115.5K

$313.5K

$396.5K

How much do vulnerability assessment jobs pay per year?

As of Jul 7, 2026, the average yearly pay for vulnerability assessment in the United States is $313,495.00, according to ZipRecruiter salary data. Most workers in this role earn between $274,000.00 and $353,500.00 per year, depending on experience, location, and employer.

What are some typical responsibilities in a Vulnerability Assessment role?

Professionals in Vulnerability Assessment are responsible for identifying and analyzing security weaknesses in computer systems, networks, and applications. This typically involves running vulnerability scans, conducting manual assessments, interpreting findings, and preparing detailed reports with actionable recommendations. You may also collaborate closely with IT, development, and security operations teams to ensure that identified risks are properly addressed and mitigated. The role often requires staying up to date with the latest threat intelligence and participating in ongoing security improvement initiatives.

What are the key skills and qualifications needed to thrive in the Vulnerability Assessment position, and why are they important?

To excel in Vulnerability Assessment, you need solid knowledge of cybersecurity principles, network protocols, and risk analysis, often supported by a computer science degree and industry certifications such as CEH, OSCP, or CISSP. Familiarity with vulnerability scanning tools (e.g., Nessus, Qualys, OpenVAS) and security information and event management (SIEM) systems is crucial. Analytical thinking, attention to detail, and clear communication are important soft skills for working effectively with IT teams and stakeholders. These qualifications ensure accurate identification, assessment, and communication of security risks, which is vital for protecting organizational assets.

What is a Vulnerability Assessment job?

A Vulnerability Assessment job involves identifying, analyzing, and evaluating security weaknesses in computer systems, networks, and applications. Professionals in this role use automated tools and manual techniques to assess potential threats and provide recommendations for mitigation. They often work with cybersecurity teams to ensure that vulnerabilities are patched before they can be exploited by attackers. The goal is to strengthen an organization's security posture and prevent data breaches or cyberattacks.

More about Vulnerability Assessment jobs
What cities are hiring for Vulnerability Assessment jobs? Cities with the most Vulnerability Assessment job openings:
What are the most commonly searched types of Vulnerability Assessment jobs? The most popular types of Vulnerability Assessment jobs are:
What states have the most Vulnerability Assessment jobs? States with the most job openings for Vulnerability Assessment jobs include:
What job categories do people searching Vulnerability Assessment jobs look for? The top searched job categories for Vulnerability Assessment jobs are:
Infographic showing various Vulnerability Assessment job openings in the United States as of July 2026, with employment types broken down into 3% As Needed, 77% Full Time, 17% Part Time, and 3% Contract. Highlights an 93% Physical, 1% Hybrid, and 6% Remote job distribution, with an average salary of $313,495 per year, or $150.7 per hour.
Vulnerability Assessment Analyst

Vulnerability Assessment Analyst

Cybersecurity and Infrastructure Security Agency

Arlington, VA โ€ข On-site, Remote

$85K - $158K/yr

Full-time

Posted 6 days ago


Job description

Summary
This announcement is issued under the Direct Hire Authority (DHA) to recruit for positions for which there is a critical hiring need. Selectee(s) will receive a career or career-conditional appointment in the competitive service and may be required to serve a one year probationary period.
The official title of this position is Information Technology Cybersecurity Specialist (INFOSEC) GS-2210-11/12/13.
Learn more about this agency
Duties
Help
This position is located in the Cybersecurity Division (CSD), which leads CISA's cybersecurity efforts as the nation's flagship civilian cyber defense organization. CSD collaborates with partners across the government and private sector to enhance the nation's cybersecurity posture.
At full performance level, typical work assignments include, but are not limited to:

  • Staying abreast of emerging threats and vulnerabilities.
  • Conducting basic research and analysis on existing IT systems and infrastructure to identify potential security vulnerabilities and risks.
  • Analyzing vulnerability and configuration data .
  • Contributing to the evaluation and recommendation of new or enhanced security technologies.
  • Identifying potential vulnerabilities
  • Researching and documenting identified vulnerabilities.
  • Providing basic support to Cybersecurity projects.
  • Assisting in the development of project plans, schedules
  • Tracking project progress and report on milestones and deliverables.
  • Coordinating and collaborating with project stakeholders.
  • Providing support in the development and maintenance of project documentation.

Requirements
Help
Conditions of employment
  • You must be a U.S. citizen.
  • Selective Service - Males born after 12/31/59 must be registered or exempt from Selective Service, see http://www.sss.gov/
  • All Federal employees are required to participate in Direct Deposit/Electronic Funds Transfer for salary payments.
  • DHS uses E-Verify, an Internet-based system, to confirm the eligibility of all newly hired employees to work in the United States. Learn more about E-Verify, including your rights and responsibilities.
  • You must be able to obtain and maintain a security clearance suitable for Federal employment as determined by a background investigation. This may include a credit check, a review of financial issues, as well as certain criminal offenses and illegal use or possession of drugs.
  • One-year probationary period may be required.
  • This position may be designated as essential personnel. Essential personnel must be able to serve during continuity of operation events without regard to declarations of liberal leave or government closures due to weather, protests, and acts of terrorism or lack of funding. Failure to report for or remain in this position may result in disciplinary or adverse action in accordance with applicable laws, rules, and regulations (5 U.S.C. 7501-7533 and 5 CFR Part 752, as applicable).
  • This position has been identified as a drug testing designated position (TDP) for purposes of the CISA's Drug-Free Workplace Program. All applicants tentatively selected for this position will be required to submit to a drug test to screen for illicit/illegal drug use prior to receiving a final offer of employment. A final offer of employment is contingent upon a negative drug test result. After appointment, you may be subject to periodic random drug testing.

Qualifications
Do NOT copy and paste the duties, specialized experience, or occupational assessment questionnaire from this announcement into your resume as that will not be considered a demonstration of your qualifications for this position. Your resume must describe your work and experience, in your own words.
To be considered minimally qualified for this position, you must demonstrate that you have the required competencies and experience for the respective grade level in which you are applying:
BASIC REQUIREMENT:
REQUIRED COMPETENCIES: Experience must be Information Technology (IT)-related; the experience may be demonstrated by paid or unpaid experience and/or completion of specific, intensive training (for example, IT certification), as appropriate.
You must have IT-related experience demonstrating each of the competencies listed below:
You qualify at the GS-11 grade level, if you have:
  1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
  2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
  3. Interpersonal Skills - Shows understanding, friendliness, courtesy, tact, empathy, concern, and politeness to others; develops and maintains effective relationships with others; may include effectively dealing with individuals who are difficult, hostile, or distressed; relates well to people from varied backgrounds and different situations.
  4. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
  5. Teamwork - Encourages and facilitates cooperation, pride, trust, and group identity; fosters commitment and team spirit; works with others to achieve goals.
  6. Technical Competence - Uses knowledge that is acquired through formal training or on-the-job experience to perform one's job; works with, understands, and evaluates technical information related to the job; advises others on technical issues.

You qualify at the GS-12 and GS-13 grade level, if you have:
  1. Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
  2. Customer Service - Works with clients and customers (that is, any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government) to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services.
  3. Decision Making - Makes sound, well-informed, and objective decisions; perceives the impact and implications of decisions; commits to action, even in uncertain situations, to accomplish organizational goals; causes change.
  4. Information Management - Identifies a need for and knows where or how to gather information; organizes and maintains information or information management systems.
  5. Interpersonal Skills - Shows understanding, friendliness, courtesy, tact, empathy, concern, and politeness to others; develops and maintains effective relationships with others; may include effectively dealing with individuals who are difficult, hostile, or distressed; relates well to people from varied backgrounds and different situations.
  6. Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
  7. Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
  8. Teamwork - Encourages and facilitates cooperation, pride, trust, and group identity; fosters commitment and team spirit; works with others to achieve goals.
  9. Technical Competence - Uses knowledge that is acquired through formal training or on-the-job experience to perform one's job; works with, understands, and evaluates technical information related to the job; advises others on technical issues.

AND
MINIMUM QUALIFICATIONS:
SPECIALIZED EXPERIENCE:
In addition to meeting the qualification requirement listed above, you must have at least one year of specialized experience at the next lower GS-grade level (or equivalent). Specialized experience is experience that has equipped you with the particular competencies/knowledge, skills, and abilities to successfully perform the duties of the position and is typically in or related to the work of the position to be filled. Such experience is typically gained in the IT field or through the performance of work where the primary concern is IT.
GS-11
You qualify at the GS-11 grade level if you have at least one (1) year of specialized experience at the GS-09 grade level (or equivalent) performing the following duties:
  1. Performing basic vulnerability analysis and assessment;
  2. Communicating effectively both written and orally on the basic key details of a vulnerability; AND
  3. Gathering and organizing technical data to support the development of basic response strategies and efforts under the guidance of senior personnel.

GS-12
You qualify at the GS-12 grade level if you have at least one (1) year of specialized experience at the GS-11 grade level (or equivalent) performing the following duties:
  1. Performing and coordinating vulnerability response activities and disclosures by addressing vulnerabilities in Information Technology and Operational Technology systems;
  2. Developing tailored response strategies and analysis reports by identifying and validating evidence of exploitation; AND
  3. Managing routine vulnerability disclosure processes by ensuring effective communication with internal and external stakeholders.

GS-13
You qualify at the GS-13 grade level if you have at least one (1) year of specialized experience at the GS-12 grade level (or equivalent) performing the following duties:
  1. Overseeing and determining complex analysis of vulnerabilities by assessing their risk, prevalence, and impact on critical systems and infrastructure;
  2. Independently briefing senior leaders on vulnerability risks and impacts; AND
  3. Prioritizing vulnerabilities based on organizational and national risk by leveraging intelligence on exploitation to inform decision-making and recommend response strategies.

Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community, student, social). Volunteer work helps build critical competencies, knowledge, and skills and can provide valuable training and experience that translates directly to paid employment. You will receive credit for all qualifying experience, including volunteer experience.
All qualification requirements must be met by the closing date of this announcement.
Education
No Educational Substitution: There is no substitution of education for experience at this grade level. You must meet the qualifications listed in the "Requirements" section of this announcement.
Additional information
  • Other incentives may be authorized.
  • If you receive a conditional offer of employment for this position, you will be required to complete an Optional Form 306, Declaration for Federal Employment, and to sign and certify the accuracy of all information in your application, prior to entry on duty. False statements on any part of the application may result in withdrawal of offer of employment, dismissal after beginning work, fine, or imprisonment.
  • Additional vacancies may be filled with this announcement.
  • A one-year probationary period may be required during which we will evaluate your fitness and whether your continued employment advances the public interest. We may consider your performance and conduct, the needs and interests of the agency, whether your continued employment would advance organizational goals of the agency or the Government, and whether your continued employment would advance the efficiency of the Federal service. Upon completion of your probationary period your employment will be terminated unless you receive certification, in writing, that your continued employment advances the public interest.
  • If selected below the full performance level, you may be noncompetitively promoted to the next higher grade level after meeting all regulatory requirements, and upon the recommendation of management. Promotion is neither implied nor guaranteed.

Reasonable Accommodation (RA) Requests: If you believe you have a disability (i.e., physical or mental), covered by the Rehabilitation Act of 1973 as amended that would interfere with completing the USA Hire Competency Based Assessments, you will be granted the opportunity to request a RA in your online application. Requests for RA for the USA Hire Competency Based Assessments and appropriate supporting documentation for RA must be received prior to starting the USA Hire Competency Based Assessments. Decisions on requests for RA are made on a case-by-case basis. If you meet the minimum qualifications of the position, after notification of the adjudication of your request, you will receive an email invitation to complete the USA Hire Competency Based Assessments, based on your adjudication decision. You must complete all asse