Cyber Security Analyst III (Vulnerability Management)

{
  "content_hash": "83b34f772beb74df559c34397910959ebc5292b5082ac763b1dc51c9a055bb8b",
  "source_hash": "6b968290811f7b8d7736b8e2bb8ac4dc1c9361f2e2dfb43c58a7c32bf6e2b3e3",
  "last_changed_at": "2026-06-18T10:37:11.310Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "United States",
    "city": null,
    "region": null,
    "country": "United States",
    "is_remote": false,
    "confidence": 0.8
  },
  "salary_max": 158000,
  "salary_min": 89596,
  "inferred_at": "2026-06-19T10:28:44.834Z",
  "launch_scope": {
    "reason": "bamboohr_production_catalog",
    "included": true,
    "location": {
      "raw": "United States",
      "city": null,
      "region": null,
      "country": "United States",
      "is_remote": false,
      "confidence": 0.8
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": "hybrid",
  "salary_period": "year",
  "workplace_type": "hybrid",
  "salary_currency": "USD"
}

{}

{
  "list_job": {
    "id": "321",
    "isRemote": null,
    "location": {
      "city": null,
      "state": null
    },
    "atsLocation": {
      "city": null,
      "state": null,
      "country": "United States",
      "province": null
    },
    "departmentId": "19360",
    "locationType": "1",
    "jobOpeningName": " Cyber Security Analyst III (Vulnerability Management)",
    "departmentLabel": "Master Infrastructure & Site Services IDIQ",
    "employmentStatusLabel": "Active, Full-Time"
  },
  "detail_errors": [],
  "detail_job_opening": {
    "location": {
      "city": null,
      "state": null,
      "postalCode": null,
      "addressCountry": null
    },
    "datePosted": "2026-06-15",
    "atsLocation": {
      "city": null,
      "state": null,
      "country": "United States",
      "countryId": "1"
    },
    "description": "<p><span style=\"color: rgb(0, 0, 0); font-weight: bold\">Position Overview</span></p>\n<p><span style=\"color: rgb(0, 0, 0)\">The primary duty of the Cyber Security Analyst III is the skilled application of systems analysis and technical evaluation methods to identify, test, and document security vulnerabilities across enterprise environments. This includes analyzing scan data, interpreting results with increasing independence, and supporting the design and implementation of software or system modifications that mitigate identified weaknesses. The role requires applying sound professional judgment to configure and validate vulnerability management tools, integrate results into enterprise systems, and ensure that solutions align with technical specifications and cybersecurity standards for unclassified federal information systems. The Analyst III operates with greater autonomy than junior levels, provides guidance to less experienced staff, and contributes to continuous improvement of vulnerability management processes.</span></p>\n<p><span style=\"color: rgb(0, 0, 0)\"> </span></p>\n<p><span style=\"color: rgb(0, 0, 0); font-weight: bold\">Major Activities (Typical Duties/Responsibilities)</span></p>\n<ul>\n<li><span style=\"color: rgb(0, 0, 0)\">Perform vulnerability scanning across servers, endpoints, network devices, and cloud environments using approved tools (e.g., Tenable, Nessus); refine scanning configurations, schedules, and coverage to improve program effectiveness.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Analyze and interpret scan results to validate findings, identify false positives, and prioritize vulnerabilities based on risk severity, exploitability, and asset criticality; provide well-supported risk-based recommendations to system owners and program leadership.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Coordinate with system owners, administrators, and stakeholders to support timely remediation or mitigation of vulnerabilities, including appropriate escalation of high-risk findings.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Document and track remediation progress through POA&amp;Ms, ticketing systems, or enterprise GRC platforms.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Contribute to and conduct risk assessments by evaluating the potential impact of unmitigated vulnerabilities, recommending compensating controls, and clearly documenting findings for review by stakeholders and leadership.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Support and contribute to continuous monitoring reporting by maintaining vulnerability metrics, trend analyses, and risk summaries for leadership review; identify gaps and recommend process improvements.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Conduct and participate in assurance activities, validating vulnerability scan coverage, tool configuration, and data quality; support audit and assessment activities to ensure program outputs meet federal reporting standards.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Evaluate patch management effectiveness and identify gaps in remediation processes; develop recommendations and supporting metrics for process improvement.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Collaborate with the Security Operations Center (SOC) and Incident Response (IR) teams, providing vulnerability context to help correlate known weaknesses with active threats, events, and exploitation indicators.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Support RMF implementation activities related to vulnerability management, ensuring vulnerability data informs security assessments, risk posture updates, and authorization maintenance; assist ISSOs and ISSMs with vulnerability-related POA&amp;M documentation and risk responses.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Monitor CISA Binding Operational Directives (BODs), Common Vulnerabilities and Exposures (CVE) trends, and emerging threat advisories; summarize implications for agency systems and communicate relevant findings to the team and stakeholders.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Provide guidance and informal mentoring to junior analysts on vulnerability management tasks, tool usage, and documentation standards; assist with onboarding of new team members as needed.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Contribute to vulnerability management process improvement efforts, including participation in tool evaluations and development of standard operating procedures, playbooks, and technical documentation.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Monitor the Configuration Management Database (CMDB) (e.g., ServiceNow CMDB) to maintain accurate asset inventory, validate scan coverage against the known asset population, and identify discrepancies between CMDB records and discovered assets.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Review and respond to configuration change alerts generated by the CMDB or related change management workflows; assess the vulnerability implications of configuration changes, coordinate with system owners as appropriate, and document findings in support of continuous monitoring requirements.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Perform other duties as appropriate and as assigned.</span></li>\n</ul>\n<p><br></p>\n<p><span style=\"color: rgb(0, 0, 0); font-weight: bold\">Knowledge/Skills/Abilities</span></p>\n<ul>\n<li><span style=\"color: rgb(0, 0, 0)\">Proficiency with enterprise vulnerability scanning and management platforms (e.g., Tenable.sc, Nessus, Qualys, ACAS, or similar).</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Solid understanding of CVSS scoring, CVE analysis, patch management principles, and risk-based vulnerability prioritization methods.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Good interpersonal skills: ability to work effectively and cooperatively with all levels of management and staff, affiliated-company employees as well as outside business associates; exhibits a professional manner in dealing with others.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Superior organizational, follow-up, and detail-oriented skills.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Strong ability to analyze documents and categorize appropriately. </span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Ability to maintain accurate records. </span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Work independently, as well as on a team and with minimal supervision. </span></li>\n<li><span style=\"color: rgb(0, 0, 0)\"> Make decisions, solve problems, and exercise excellent judgment.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\"> Work well under pressure and independently prioritize workload, while working on multiple projects.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Ability to research, organize and analyze technical information with particular attention to accuracy and detail.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Excellent written and verbal communication skills; including thorough knowledge of proper grammar, advanced vocabulary, spelling, editing and proofreading skills. </span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Proficient using Microsoft Office products, such as Word, Excel and PowerPoint, and industry-standard computer software and databases. </span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">High degree of sensitivity regarding confidential information.<span style=\"font-weight: bold\"><br></span></span></li>\n</ul>\n<p><br></p>\n<p><span style=\"color: rgb(0, 0, 0); font-weight: bold\">Physical Abilities</span></p>\n<ul>\n<li><span style=\"color: rgb(0, 0, 0)\">Sufficient fine motor skills for the use of computers, calculators with an ability to withstand repetitive keyboarding for extended periods of time.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Visual and communications ability adequate to perform the essential functions of the job.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Ability to kneel, bend and twist at the waist on an occasional basis.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Ability to reach below shoulder height with regular frequency (desk position) and at or above shoulder height on occasion.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Ability to push, pull, carry and lift objects weighing up to 10 pounds on a regular basis, and greater weights on an occasional basis.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Ability to travel by vehicle or aircraft, and ability to safely operate a motor vehicle</span></li>\n</ul>\n<p><span style=\"color: rgb(0, 0, 0); font-weight: bold\"><br></span></p>\n<p><span style=\"color: rgb(0, 0, 0); font-weight: bold\">Minimum Requirements</span></p>\n<ul>\n<li><span style=\"color: rgb(0, 0, 0); font-size: 12pt\">Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field and </span><span style=\"color: rgb(0, 0, 0)\">5+ years of experience in vulnerability management, system security, or security operations, or equivalent combination of education, experience, and training.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Ability to pass a background and drug screening.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Must have identification compliant with the Real ID Act at time of hire.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Must be able to obtain Department of Energy access badge.</span></li>\n</ul>\n<p><br></p>\n<p><span style=\"color: rgb(0, 0, 0)\"> <span style=\"font-weight: bold\">Preferred Qualifications</span></span></p>\n<ul>\n<li><span style=\"color: rgb(0, 0, 0)\">Experience integrating vulnerability scan data with GRC or POA&amp;M tracking systems (e.g., eMASS, RegScale, ServiceNow GRC, or similar).</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Familiarity with CISA directives, STIGs, and federal vulnerability reporting requirements.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Knowledge of cloud vulnerability management, including AWS, Azure, or hybrid environments.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Exposure to threat intelligence correlation or risk-based vulnerability prioritization methods.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Relevant certifications such as Security+, CySA+, CEH, CGRC (CAP), or Tenable Certified Practitioner.</span></li>\n</ul>\n<p><br></p>\n<p><span style=\"color: rgb(0, 0, 0)\"><span style=\"font-weight: bold\">Pay Range</span>:  $89,596-$158,000</span></p>\n<p><br></p>\n<p><span style=\"color: rgb(0, 0, 0)\"><span style=\"font-weight: bold\">Benefits: </span>OSC Technical Solutions offers excellent benefits for eligible employees. Benefits include paid holidays, paid time off, 401k with employer match, dental, vision, health insurance plans through the Federal Employee Health Benefits (FEHB) program, as well as life and disability benefits. </span></p>\n<p><br></p>\n<p><span style=\"color: rgb(0, 0, 0); font-family: Inter, sans-serif\">OSC Technical Solutions does not discriminate, and the company provides equal employment opportunity for all employees and applicants without regard to race, religion, color, sex, gender, sexual orientation, national origin, citizenship status, age, marital status, pregnancy or parenthood, handicap or disability, genetics, veteran status or any other legally protected characteristic. OSC Technical Solutions adheres to all federal, state and local laws regarding equal employment opportunity and will not discriminate against you in violation of these laws. OSC Technical Solutions reserves the right to apply CIRI Shareholder preference to qualified Shareholders in employment and advancement opportunities.  </span></p>\n<p><br></p>\n<p><span style=\"color: rgb(0, 0, 0); font-family: Inter, sans-serif\">OSC Technical Solutions participates in E-Verify. We will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee's Form I-9 to confirm work authorization. </span></p>\n<p><br></p>\n<p><span style=\"color: rgb(0, 0, 0); font-weight: bold\">Reasonable Accommodation:</span></p>\n<p><span style=\"color: rgb(0, 0, 0)\">OSC Technical Solutions will provide reasonable accommodations, according to applicable state and federal laws, to all qualified individuals with physical or mental disabilities. In compliance with the ADA Amendments Act (ADAAA), if you have a disability and would like to request an accommodation in order to apply for a position with OSC Global, LLC or any of its subsidiaries, please email <a href=\"mailto:[email protected]\" target=\"_blank\" rel=\"noopener noreferrer\">[email protected]</a>.</span></p>\n<p><br></p>\n<p><span style=\"color: rgb(0, 0, 0); font-weight: bold\">Important Employment Notice: Federal Contract &amp; RCW 49.44.240:</span></p>\n<p><span style=\"color: rgb(0, 0, 0)\">Due to our status as a federal contractor operating within the State of Washington, all applicants and employees must adhere to federal law, which classifies cannabis as a Schedule I controlled substance.</span></p>\n<p><span style=\"color: rgb(0, 0, 0)\">While Washington State’s RCW 49.44.240 (which generally prohibits employers from discriminating against an applicant based on their lawful use of cannabis off-site and during working hours) is state law, it does not supersede federal requirements.</span></p>\n<p><br></p>\n<p><span style=\"color: rgb(0, 0, 0)\"><em>Zero-Tolerance Policy and Disqualification</em></span></p>\n<ul>\n<li><span style=\"color: rgb(0, 0, 0)\">Prohibition: The use, possession, or distribution of cannabis is strictly prohibited for all employees, regardless of state law.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Testing: Applicants will be subject to pre-employment drug screening that includes testing for cannabis.</span></li>\n<li><span style=\"color: rgb(0, 0, 0)\">Disqualification: A positive test result for cannabis will result in immediate disqualification from consideration for employment, as mandated by our federal contract obligations.</span></li>\n</ul>\n<p><br></p>\n<p><span style=\"color: rgb(0, 0, 0)\">All applicants must be able to comply with all federal regulations, including those concerning controlled substances, as a condition of employment.</span></p>\n<p><br></p>\n<p><span style=\"color: rgb(0, 0, 0)\">In compliance with Homeland Security Presidential Directive 12 (HSPD-12) and Department of Energy (DOE) Hanford Field Office (HFO) direction, employees issued initial badges on or after September 1st, 2025, are required to obtain and maintain a HSPD-12 Personal Identity Verification (PIV) Credential. To obtain this credential, new employees must successfully complete and pass a federal background check investigation. This investigation encompasses multiple areas of eligibility and includes a declaration of illegal drug activities, including use, supply, possession, or manufacture within the last year. This includes marijuana and cannabis derivatives, which are still considered illegal under federal law, regardless of state laws.</span></p>",
    "compensation": "Pay Range:  $89,596-$158,000",
    "departmentId": "19360",
    "locationType": "1",
    "seekPromoted": false,
    "jobCategoryId": null,
    "jobOpeningName": " Cyber Security Analyst III (Vulnerability Management)",
    "departmentLabel": "Master Infrastructure & Site Services IDIQ",
    "jobOpeningStatus": "Open",
    "minimumExperience": "Experienced",
    "jobOpeningShareUrl": "https://oscglobal.bamboohr.com/careers/321",
    "employmentStatusLabel": "Active, Full-Time"
  }
}