Career Opportunity

Cybersecurity Analyst – Vulnerability Management (Tenable / Nessus / ACAS)

Remote (U.S.) with Occasional Travel · Full Time

Position Title: Cybersecurity Analyst – Vulnerability Management (Tenable / Nessus / ACAS) 
Location: Remote (U.S.) with Occasional Travel 
Client: Federal / Public Sector Programs 
Work Authorization: Candidates must be authorized to work in the United States. U.S. Citizenship may be required based on client assignment. 
Application Email: careers@wintrio.com 

📩 To apply, please submit your resume to careers@wintrio.com or complete the application form below. 

Job Summary 

WINTrio LLC is seeking a Cybersecurity Analyst – Vulnerability Management to support enterprise vulnerability assessment, analysis, remediation coordination, compliance tracking, and continuous monitoring activities across Federal IT environments. 

The ideal candidate will possess hands-on experience performing vulnerability scans, analyzing security findings, validating scan results, coordinating remediation activities, and supporting compliance reporting efforts. This role requires a strong understanding of vulnerability management processes, Federal cybersecurity requirements, and risk-based remediation strategies across cloud, on-premises, and hybrid technology environments. 

The successful candidate will work closely with system administrators, developers, ISSOs, cloud engineers, and program stakeholders to improve security posture and reduce organizational risk. 

Job Responsibilities 

  • Perform recurring and ad hoc vulnerability assessments using Tenable, Nessus, ACAS, Qualys, Rapid7, or similar vulnerability management platforms. 
  • Analyze vulnerability findings across operating systems, databases, web applications, APIs, cloud services, containers, endpoints, and network infrastructure. 
  • Validate scan results, identify false positives, and assess risk based on exploitability, asset criticality, and mission impact. 
  • Coordinate remediation activities with system administrators, developers, ISSOs, cloud teams, and infrastructure personnel. 
  • Track vulnerabilities through closure using POA&Ms, ticketing systems, remediation dashboards, and risk registers. 
  • Support compliance with NIST SP 800-53, FISMA, FedRAMP, DHS CDM requirements, agency service-level agreements, and remediation timelines. 
  • Develop vulnerability reports, trend analyses, executive summaries, compliance metrics, and technical remediation guidance. 
  • Support STIG, SCAP, CIS Benchmark, and configuration compliance assessments. 
  • Assist with authenticated scanning, credentialed scanning, web application testing, scan tuning, and policy optimization activities. 
  • Support continuous monitoring programs, security assessments, audits, and evidence collection activities. 
  • Collaborate with cybersecurity and operations teams to strengthen overall security posture and vulnerability management processes. 
  • Support continuous improvement initiatives and vulnerability management best practices. 

Required Qualifications 

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field, or equivalent professional experience. 
  • Minimum three (3) years of cybersecurity experience with a focus on vulnerability management, security assessments, scanning, or remediation support. 
  • Hands-on experience with Tenable.io, Tenable.sc, Nessus, ACAS, Qualys, Rapid7, or comparable vulnerability management tools. 
  • Understanding of CVEs, CVSS scoring, asset criticality, exploitability analysis, remediation prioritization, and risk-based decision making. 
  • Experience coordinating remediation activities with technical and operational teams. 
  • Understanding of Federal cybersecurity frameworks, including NIST SP 800-53, FISMA, RMF, and FedRAMP. 
  • Strong written and verbal communication skills. 
  • Strong analytical, organizational, and problem-solving abilities. 

Technical Areas 

Vulnerability Management 

  • Vulnerability Assessment 
  • Vulnerability Analysis 
  • Risk-Based Remediation 
  • Continuous Monitoring 
  • Security Findings Validation 
  • Remediation Tracking 
  • Vulnerability Reporting 

Federal Cybersecurity Compliance 

  • NIST SP 800-53 
  • NIST SP 800-40 
  • Risk Management Framework (RMF) 
  • FISMA 
  • FedRAMP 
  • DHS Continuous Diagnostics and Mitigation (CDM) 

Security Operations & Analysis 

  • CVE Analysis 
  • CVSS Scoring 
  • CWE Analysis 
  • CPE Identification 
  • Known Exploited Vulnerabilities (KEV) 
  • Exploit Prediction Scoring System (EPSS) 
  • Attack Surface Management 

Cloud & Infrastructure Security 

  • AWS 
  • Microsoft Azure 
  • Windows Server 
  • Linux 
  • Kubernetes 
  • Docker 

Tools & Platforms 

Vulnerability Management Tools 

  • Tenable.io 
  • Tenable.sc 
  • Nessus 
  • ACAS 
  • Qualys 
  • Rapid7 InsightVM 

Application Security Tools 

  • WebInspect 
  • Burp Suite 
  • OWASP ZAP 
  • Fortify 
  • SonarQube 

Configuration Compliance Tools 

  • STIG Viewer 
  • SCAP 
  • CIS-CAT 
  • DISA STIGs 
  • CIS Benchmarks 

Tracking & Collaboration Tools 

  • ServiceNow 
  • JIRA 
  • Azure DevOps 
  • POA&M Tracking Systems 

Reporting & Analytics 

  • Splunk 
  • Power BI 
  • Microsoft Excel 
  • Tableau 
  • Executive Dashboards 

Preferred Certifications 

  • CompTIA Security+ 
  • CompTIA CySA+ 
  • Certified Ethical Hacker (CEH) 
  • Tenable Certified Nessus Auditor 
  • Tenable.sc Specialist 
  • Tenable.io Specialist 
  • GIAC Security Certifications (GSEC, GPEN, or equivalent) 
  • AWS Certified Security – Specialty 
  • Microsoft Azure Security Engineer Associate 
  • ITIL Foundation 

Preferred Qualifications 

  • Experience supporting large-scale vulnerability management programs involving thousands of assets. 
  • Experience with authenticated scanning, scan credential troubleshooting, and scan policy optimization. 
  • Experience supporting POA&M development, remediation tracking, and risk acceptance documentation. 
  • Experience supporting Federal civilian, DHS, DoD, intelligence, or cloud-hosted environments. 
  • Experience supporting enterprise continuous monitoring programs and security operations activities. 
  • Familiarity with cloud-native infrastructure and modern application environments. 

Work Environment 

  • Full-time position. 
  • Remote within the United States. 
  • Standard business hours Monday through Friday. 
  • Occasional travel may be required in support of customer meetings, security assessments, and program activities. 

WINTrio Benefits 

  • Healthcare (Medical, Dental, and Vision) 
  • Flexible Spending Account (FSA) and Health Savings Account (HSA) 
  • 401(k) and Retirement Savings Plan 
  • Annual Bonus and Profit Sharing Opportunities 
  • Paid Time Off (PTO) and Vacation 
  • Employee Assistance Program (EAP) 
  • Life, Personal, and Voluntary Disability Insurance 

Growth Opportunities 

There is ample opportunity to grow in multiple dimensions, including vulnerability management, cybersecurity operations, cloud security, compliance modernization, DevSecOps, risk management, and cybersecurity leadership. We are a completely employee-driven company, and our continued success is built on the talent, dedication, and innovation of our team members. 

Equal Opportunity Employer 

WINTrio LLC is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law. 
