Vulnerability Management Engineer @Quzara LLC
Software Development
Salary unspecified
Remote Location
🇺🇸 USA Only
Job Type full-time
Posted YDay

[Hiring] Vulnerability Management Engineer @Quzara LLC

YDay - Quzara LLC is hiring a remote Vulnerability Management Engineer. 💸 Salary: unspecified 📍Location: USA

This description is a summary of our understanding of the job description.

Role Description

The Vulnerability Management Engineer (FedRAMP & Pen Test Support) is responsible for delivering and scaling Quzara’s Authorized Vulnerability Management Services while providing technical enablement for high-impact penetration testing efforts supporting federal and regulated customers. This role owns the end-to-end vulnerability management lifecycle, including scanner configuration, continuous monitoring execution, remediation coordination, and tool maintenance.

  • Install, configure, maintain, and patch penetration testing toolsets (e.g., Burp Suite Pro, Metasploit, Kali Linux) for use in federal and regulated engagements.
  • Execute and manage monthly FedRAMP Continuous Monitoring (ConMon) activities, including vulnerability scanning, deviation analysis, and POA&M generation.
  • Configure, optimize, and maintain Tenable.io / Nessus scanners and web application scanning (WAS) tools to ensure accurate and comprehensive asset coverage.
  • Own the health, licensing, patching, and lifecycle management of all vulnerability management and penetration testing tools to ensure continuous audit readiness.
  • Analyze scan results and collaborate with Site Reliability Engineers (SREs), infrastructure teams, and application owners to drive timely remediation.
  • Interpret vulnerability data across Windows, Linux, database, container, and web application assets and provide remediation guidance aligned with federal baselines.
  • Support penetration testing preparation and execution by ensuring testing environments, tools, and configurations are compliant and operational.
  • Provide vulnerability evidence, scan reports, and remediation documentation to support FedRAMP, FISMA, and third-party assessment activities.
  • Continuously improve vulnerability management processes, scan coverage, and reporting accuracy across Quzara environments.

Qualifications

  • 4+ years of experience in Vulnerability Management or Penetration Testing support within FedRAMP or Federal environments.
  • Expert-level proficiency with Tenable.io / Nessus, including scanner deployment, policy tuning, and result interpretation.
  • Hands-on experience maintaining and operating penetration testing platforms (e.g., Kali Linux, Burp Suite, Metasploit).
  • Strong working knowledge of NIST SP 800-53 control requirements and FedRAMP Continuous Monitoring processes.
  • Experience translating vulnerability findings into POA&Ms, remediation plans, and audit-ready documentation.
  • Ability to collaborate cross-functionally with infrastructure, SRE, DevSecOps, and compliance teams.
  • Must be a U.S. Citizen and eligible to support federal contracting environments.

Preferred Certifications

  • Tenable Certified Nessus Expert
  • One or more of the following:
    • Certified Ethical Hacker (CEH)
    • CompTIA PenTest+
    • Certified Information Systems Security Professional (CISSP)

EEO Statement

The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.

Before You Apply
🇺🇸 Be aware of the location restriction for this remote position: USA Only
Beware of scams! When applying for jobs, you should NEVER have to pay anything.