Cyber Security Analyst II (Vulnerability Management)

OSC Global
Full-time
Remote
United States
$70,000 - $134,190 USD yearly
Security Analyst

Position Overview

The Cyber Security Analyst II supports the organization’s Vulnerability Management Program by identifying, analyzing and tracking remediation of security weaknesses across federal information systems. This role contributes to the protection and resilience of federal information systems by ensuring vulnerabilities are properly assessed, prioritized and mitigated in accordance with NIST, CISA and agency cybersecurity policies. The analyst collaborates with system owners, engineers and compliance staff to align remediation activities with RMF, POA&M and continuous monitoring requirements.

Major Activities (Typical Duties/Responsibilities)

  • Perform regular vulnerability scanning across servers, endpoints, network devices and cloud environments using approved tools (e.g., Tenable, Nessus).
  • Analyze scan results to validate findings, identify false positives and prioritize vulnerabilities based on risk severity, exploitability and asset criticality.
  • Coordinate with system owners and administrators to support timely remediation or mitigation of vulnerabilities.
  • Document and track remediation progress through POA&Ms, ticketing systems or enterprise GRC platforms.
  • Contribute to risk assessments by evaluating the potential impact of unmitigated vulnerabilities and recommending compensating controls.
  • Support continuous monitoring reporting by updating vulnerability metrics, trends and risk summaries for leadership review.
  • Participate in assurance activities, validating vulnerability scan coverage, tool configuration and data quality.
  • Assist in evaluating patch management effectiveness and identify systemic gaps in remediation processes.
  • Collaborate with the Security Operations Center (SOC) and Incident Response (IR) teams to correlate vulnerabilities with active threats and events.
  • Support RMF implementation, ensuring vulnerability data informs security assessments, risk posture updates and authorization maintenance.
  • Maintain awareness of CISA Binding Operational Directives (BODs), Common Vulnerabilities and Exposures (CVE) trends and emerging threat advisories impacting agency systems.
  • Perform other duties as appropriate and as assigned. 


Knowledge/Skills/Abilities

  • Experience with one or more vulnerability scanning tools (e.g., Tenable.sc, Nessus, Qualys, ACAS, or similar). Understanding of CVSS scoring, CVE analysis and patch management principles.
  • Familiarity with CISA directives, STIGs and federal vulnerability reporting requirements.
  • Knowledge of cloud vulnerability management, including AWS, Azure or hybrid environments.
  • Good interpersonal skills: ability to work effectively and cooperatively with all levels of management and staff, affiliated-company employees as well as outside business associates; exhibits a professional manner in dealing with others.
  • Superior organizational, follow-up and detail-oriented skills.
  • Strong ability to analyze documents and categorize appropriately.
  • Ability to maintain accurate records.
  • Work independently, as well as on a team and with minimal supervision.
  • Make decisions, solve problems and exercise excellent judgment.
  • Work well under pressure and independently prioritize workload, while working on multiple projects.
  • Ability to research, organize and analyze technical information with particular attention to accuracy and detail.
  • Excellent written and verbal communication skills, including thorough knowledge of proper grammar, advanced vocabulary, spelling, editing and proofreading skills.
  • Proficient using Microsoft Office products, such as Word, Excel and PowerPoint and industry-standard computer software and databases.
  • High degree of sensitivity regarding confidential information.


Physical Abilities

  • Sufficient fine motor skills for the use of computers and calculators, with an ability to withstand repetitive keyboarding for extended periods of time.
  • Visual and communications ability adequate to perform the essential functions of the job.
  • Ability to kneel, bend and twist at the waist on an occasional basis.
  • Ability to reach below shoulder height with regular frequency (desk position) and at or above shoulder height on occasion.
  • Ability to push, pull, carry and lift objects weighing up to 10 pounds on a regular basis, and greater weights on an occasional basis.
  • Ability to travel by vehicle or aircraft, and ability to safely operate a motor vehicle.


Minimum Qualifications

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science or a related field and at least two (2) years of experience in vulnerability management, system security, or security operations, or an equivalent combination of education, experience and training.
  • Ability to pass a background and drug screening.
  • Must have identification compliant with the Real ID Act at time of hire.
  • Must be able to obtain a Department of Energy access badge.
  • Must be able to obtain and maintain a U.S. government security clearance. 


Preferred Qualifications

  • Experience integrating vulnerability scan data with GRC or POA&M tracking systems (e.g., eMASS, RegScale, ServiceNow GRC, or similar).
  • Exposure to threat intelligence correlation or risk-based vulnerability prioritization methods.
  • Relevant certifications such as Security+, CEH, CAP/CGRC, or Tenable Certified Practitioner.


Pay Range: $70,000 - $134,190 yearly


Benefits: OSC Technical Solutions offers excellent benefits for eligible employees. Benefits include paid holidays, paid time off, 401k with employer match, dental, vision, health insurance plans through the Federal Employee Health Benefits (FEHB) program, as well as life and disability benefits. 


OSC Technical Solutions does not discriminate, and the company provides equal employment opportunity for all employees and applicants without regard to race, religion, color, sex, gender, sexual orientation, national origin, citizenship status, age, marital status, pregnancy or parenthood, handicap or disability, genetics, veteran status or any other legally protected characteristic. OSC Technical Solutions adheres to all federal, state and local laws regarding equal employment opportunity and will not discriminate against you in violation of these laws. OSC Technical Solutions reserves the right to apply CIRI Shareholder preference to qualified Shareholders in employment and advancement opportunities.  


OSC Technical Solutions participates in E-Verify. We will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee's Form I-9 to confirm work authorization. 


Reasonable Accommodation:

OSC Technical Solutions will provide reasonable accommodations, according to applicable state and federal laws, to all qualified individuals with physical or mental disabilities. In compliance with the ADA Amendments Act (ADAAA), if you have a disability and would like to request an accommodation in order to apply for a position with OSC Global, LLC or any of its subsidiaries, please email recruiting@ciri.com.