Vulnerability Jobs (NOW HIRING)

Sr. Vulnerability Analyst

Detroit, MI · On-site

$95K - $124.20K/yr

Senior Vulnerability Analyst is a key role in advancing vulnerability management throughout the HFHS enterprise through technical expertise with a focus on threat intelligence, vulnerability ...

The Vulnerability Researcher is responsible for identifying weaknesses in networks, systems, and software, and implementing measures to strengthen cybersecurity within the program. This role develops ...

Senior Vulnerability Engineer

Washington, DC · Hybrid

$118.30K - $162.50K/yr

Public Trust eligibility required Vulnerability Engineer Seeking a Senior Vulnerability Engineer to support enterprise vulnerability management, exposure management, compliance auditing, and web ...

Cybersecurity Vulnerability Analyst Job Locations US-MD-Linthicum Requisition ID 2026-167091 Position Category Intel and Threat Analysis Clearance Secret Responsibilities This Cybersecurity ...

Senior Vulnerability Engineer

Phoenix, AZ · On-site

$103.80K - $142.50K/yr

Senior Vulnerability Engineer Locations :: Phoenix AZ / Westerville OH The Senior Vulnerability Engineer is a hands-on role responsible for driving timely, high-quality remediation of security ...

Overview Vulnerability Researcher Location: On-Site (Annapolis Junction, MD) Clearance Required: TS/SCI with Poly Do you have a passion for uncovering hidden vulnerabilities and pushing the boundaries ...

Senior Product Vulnerability Manager

$129.50K - $170.90K/yr

The Senior Product Vulnerability Manager will own the corporate-wide Product Vulnerability Management program, establishing capabilities to detect and respond to product vulnerabilities while ...

Senior Product Vulnerability Manager

Austin, TX · Remote

$125.40K - $165.50K/yr

An Amazing Career Opportunity for a Senior Product Vulnerability Manager!! Location: Remote (US & Europe) Job ID: 47562 As part of the Product Security and Privacy team, you will own and operate the ...

Vulnerability information

$37.5K

$107.9K

$143K

How much do vulnerability jobs pay per year?

As of Jun 4, 2026, the average yearly pay for vulnerability in the United States is $107,902.00, according to ZipRecruiter salary data. Most workers in this role earn between $94,000.00 and $117,500.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Vulnerability Analyst, and why are they important?

To thrive as a Vulnerability Analyst, you need a solid understanding of network security, operating systems, and vulnerability assessment methodologies, typically supported by a degree in cybersecurity or IT and relevant certifications like CompTIA Security+ or CEH. Familiarity with tools such as Nessus, OpenVAS, Metasploit, and vulnerability management platforms is essential. Strong analytical thinking, attention to detail, and effective communication help in identifying risks and explaining findings to diverse stakeholders. These skills ensure timely detection and remediation of security weaknesses, protecting organizations from cyber threats.

What are some common challenges faced by professionals working in vulnerability management roles?

Professionals in vulnerability management often face the challenge of keeping up with constantly evolving threats and newly discovered vulnerabilities. Prioritizing which vulnerabilities to address first, especially in large environments with thousands of potential risks, can be demanding. Collaborating with IT, development, and security teams to ensure timely remediation and maintaining clear communication about risk levels are also essential parts of the role. Additionally, balancing the need for quick patching with the risk of disrupting business operations requires careful judgment.

What are vulnerability analysts?

Vulnerability analysts are cybersecurity professionals who identify, assess, and help remediate security weaknesses in computer systems, networks, and software. They use various tools and techniques to scan for vulnerabilities, analyze threats, and recommend solutions to mitigate risks. Their work is crucial in preventing cyberattacks and ensuring the security of organizational assets. Vulnerability analysts often collaborate with IT and security teams to prioritize and address vulnerabilities based on their potential impact.

Can I make $200,000 a year in cyber security?

Vulnerability analysts and cybersecurity professionals can earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP, and roles in high-demand sectors or management positions. Salaries vary based on location, expertise, and the complexity of the security environment, but high-level cybersecurity roles often reach or exceed this income level.

What is the difference between Vulnerability vs Penetration Tester?

Aspect | Vulnerability | Penetration Tester
Primary Focus | Identifying security weaknesses and vulnerabilities in systems | Simulating cyberattacks to exploit vulnerabilities and test defenses
Certifications | CompTIA Security+, CEH, OSCP (for some roles) | OSCP, CEH, GPEN, CISSP (often overlapping)
Work Environment | Security analysis, vulnerability scanning, reporting | Active testing, exploitation, reporting
Industry Usage | Security assessment, risk management | Security testing, red teaming

Vulnerability specialists focus on identifying weaknesses in systems, while penetration testers actively exploit those vulnerabilities to assess security effectiveness. Both roles require similar certifications and work in cybersecurity, but their methods and objectives differ: vulnerability analysts aim to find issues, whereas penetration testers simulate attacks to evaluate defenses.

Vulnerability Analyst II

cFocus Software Incorporated

Washington, DC • On-site

Other

This job post has expired today. Applications are no longer accepted.


Job description

Vulnerability Analyst II
Position Title: Vulnerability Analyst II
Program: SBA Enterprise Cybersecurity Services (ECS)
Position Summary
The Vulnerability Analyst II provides cybersecurity risk, vulnerability management, and compliance support services in alignment with the SBA Enterprise Cybersecurity Services (ECS) RFQ Task Area 3.5.2. The position supports the SBA Risk Management Framework (RMF), FISMA compliance initiatives, Information System Continuous Monitoring (ISCM), vulnerability management, controls assessment activities, audit support, and continuous monitoring operations across enterprise systems and cloud environments. The analyst performs vulnerability assessments, supports POA&M development, validates security controls, coordinates remediation efforts, and assists Information System Security Officers (ISSOs) and system owners with maintaining compliant and secure systems.
Essential Duties and Responsibilities
  • Perform enterprise vulnerability assessments and compliance scans using SBA-approved tools such as Tenable Security Center (SC), Nessus, and Microsoft TVM.
  • Review identified vulnerabilities, assess impact and risk, and provide remediation recommendations for operating systems, applications, network devices, and cloud environments.
  • Support continuous monitoring and Risk Management Framework (RMF) activities in accordance with NIST SP 800-37, NIST SP 800-53 Rev. 5, and NIST SP 800-53A.
  • Assist with the creation, maintenance, and review of cybersecurity documentation including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), Configuration Management Plans (CMPs), and contingency documentation.
  • Support control assessments and validation activities by documenting NIST 800-53A Determine If Statements (DISs) and mapping vulnerabilities to applicable controls.
  • Conduct vulnerability scanning activities every 72 hours across workstations, servers, routers, switches, and cloud-based assets in accordance with SBA requirements.
  • Monitor CISA Known Exploited Vulnerabilities (KEV) listings and Binding Operational Directives (BODs) to identify and report emerging risks.
  • Track zero-day vulnerabilities, coordinate remediation activities, and provide ad hoc reporting to leadership and stakeholders.
  • Generate weekly vulnerability reports, dashboards, and briefing materials for ISSOs, system owners, and management.
  • Assist with audit preparation and support activities involving IG, GAO, internal auditors, and external assessors.
  • Maintain scanning infrastructure including scanner deployment, configuration, plugin updates, scan repositories, and vulnerability management SOPs.
  • Support FedRAMP Continuous Monitoring (CONMON) activities by reviewing vulnerability reports and assessing vendor remediation activities.
  • Participate in change management, security operations meetings, and enterprise cybersecurity coordination activities.
  • Ensure all deliverables are complete, accurate, aligned with agency templates, and delivered within required timeframes.
Minimum Qualifications
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Assurance, or related discipline. Additional years of experience may substitute for degree requirements.
  • 3-6 years of experience supporting vulnerability management, cybersecurity compliance, RMF, or information assurance activities in a federal environment.
  • Experience performing vulnerability assessments and remediation activities using Tenable SC/Nessus or equivalent tools.
  • Knowledge of FISMA, NIST RMF, NIST SP 800-53 Rev. 5, NIST SP 800-53A, NIST SP 800-137, and related federal cybersecurity standards.
  • Experience supporting POA&M management, security assessments, continuous monitoring, and audit response activities.
  • Working knowledge of Windows, Linux/Unix, network infrastructure, cloud platforms, and enterprise security technologies.
  • Strong written and verbal communication skills with the ability to produce technical documentation and executive-level reports.
  • Ability to analyze security findings, prioritize risks, and coordinate remediation with technical stakeholders.
Preferred Certifications
  • CompTIA Security+
  • Certified Information Systems Security Professional (CISSP)
  • Certified Ethical Hacker (CEH)
  • GIAC Security Certifications (GSEC, GPEN, or similar)
  • Tenable Certified Professional or equivalent vulnerability management certification