Vulnerability Analyst

Due to certain contracts and the nature of the work, US Citizenship is required.

We are seeking a motivated and detail-oriented Junior to Mid-Level Vulnerability Management (VM) Analyst to join our cybersecurity team. This fully remote role is ideal for someone early in their cybersecurity career or looking to grow into a mid-level position with a solid foundation in network and web application security concepts. You will primarily support the waiver research and approval process, analyze vulnerabilities, and work with tools like Invicti (web application scanning) and Tenable SecurityCenter (SC).

• Review and assess waiver requests for security vulnerabilities, ensuring proper documentation and justification.
• Use Invicti to scan and evaluate web applications for vulnerabilities such as XSS, SQL injection, and misconfigurations.
• Leverage Tenable SC to identify and assess vulnerabilities across network and infrastructure assets.
• Collaborate with application and system owners to gather technical information, remediation timelines, or risk mitigation plans.
• Document and track waiver decisions, expirations, and compliance requirements.
• Stay current on vulnerability trends, common exploits, and industry best practices.
• Support the broader vulnerability management lifecycle, including reporting and follow-up.

• 1–3 years of experience in cybersecurity, IT security, or a related technical role (internships, labs, or academic projects welcome).
• Understanding of the OSI model and data flow across network layers.
• Knowledge of HTTPS and secure web communication.
• Core networking concepts, including IP addressing, DNS resolution, ports, TCP/IP, and firewalls.
• Familiarity with vulnerability scanning tools such as Invicti, Tenable, or similar.
• Basic understanding of CVEs, CVSS scoring, and vulnerability classification.
• Strong analytical and problem-solving skills.
• Detail-oriented with strong documentation and organizational habits.
• Effective communication skills in a fully remote environment.
• Eagerness to learn and grow in cybersecurity.
• Awareness of Binding Operational Directives (BODs) and their role in cybersecurity compliance (e.g., BOD 22-01, BOD 23-02).

Preferred Qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
• Entry-level security certifications (e.g., CompTIA Security+ or similar).
• Knowledge of common web application vulnerabilities (e.g., OWASP Top 10).
• Experience with ticketing/workflow systems, especially ServiceNow.
• Understanding of the vulnerability management lifecycle, including remediation, exception handling, and risk acceptance.
• Exposure to secure coding principles and basic scripting (e.g., Python, Bash) is a plus.
• Knowledge of security and privacy frameworks such as NIST 800-53, NIST CSF, FISMA, and HIPAA.
• Ability to support compliance workflows related to BOD requirements.

Salary: $70K - $90K DOE

Additional benefits include:

• Paid Time Off & Holiday Pay
• Medical, Dental, and Vision Insurance
• Disability, Life Insurance, and AD&D
• Flexible Spending Accounts
• Pre-Tax 401K and/or After-Tax Roth IRA (with employer matching)
• Tuition and Technical Training Reimbursement
• Exercise and Computer Reimbursement
• Employee Assistance Program

Edgewater Federal Solutions is a privately held government contracting firm near Frederick, MD. Founded in 2002, we support customer missions through employee empowerment, exceptional service, and timely delivery. We are ISO 9001, 20000-1, 27001 certified, CMMI Level 3 appraised, and have been recognized as a Top Workplace in the Greater Washington Area from 2018 to 2024.

Edgewater is committed to providing equal employment opportunities without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, marital status, veteran status, or other protected statuses.