[Remote] Vulnerability Management Engineer

Note: The job is a remote job and is open to candidates in USA. Quzara LLC is seeking a Vulnerability Management Engineer (FedRAMP & Pen Test Support) to deliver and scale their Authorized Vulnerability Management Services. This role involves managing the vulnerability management lifecycle and providing technical support for penetration testing efforts, particularly in federal and regulated environments. Responsibilities • Install, configure, maintain, and patch penetration testing toolsets (e.g., Burp Suite Pro, Metasploit, Kali Linux) for use in federal and regulated engagements • Execute and manage monthly FedRAMP Continuous Monitoring (ConMon) activities, including vulnerability scanning, deviation analysis, and POA&M generation • Configure, optimize, and maintain Tenable.io / Nessus scanners and web application scanning (WAS) tools to ensure accurate and comprehensive asset coverage • Own the health, licensing, patching, and lifecycle management of all vulnerability management and penetration testing tools to ensure continuous audit readiness • Analyze scan results and collaborate with Site Reliability Engineers (SREs), infrastructure teams, and application owners to drive timely remediation • Interpret vulnerability data across Windows, Linux, database, container, and web application assets and provide remediation guidance aligned with federal baselines • Support penetration testing preparation and execution by ensuring testing environments, tools, and configurations are compliant and operational • Provide vulnerability evidence, scan reports, and remediation documentation to support FedRAMP, FISMA, and third-party assessment activities • Continuously improve vulnerability management processes, scan coverage, and reporting accuracy across Quzara environments Skills • 4+ years of experience in Vulnerability Management or Penetration Testing support within FedRAMP or Federal environments • Expert-level proficiency with Tenable.io / Nessus, including scanner deployment, policy tuning, and result interpretation • Hands-on experience maintaining and operating penetration testing platforms (e.g., Kali Linux, Burp Suite, Metasploit) • Strong working knowledge of NIST SP 800-53 control requirements and FedRAMP Continuous Monitoring processes • Experience translating vulnerability findings into POA&Ms, remediation plans, and audit-ready documentation • Ability to collaborate cross-functionally with infrastructure, SRE, DevSecOps, and compliance teams • Must be a U.S. Citizen and eligible to support federal contracting environments • Tenable Certified Nessus Expert • Certified Ethical Hacker (CEH) • CompTIA PenTest+ • Certified Information Systems Security Professional (CISSP) Company Overview • Quzara is a DC-Based Cybersecurity firm. We are US Government SBA 8(a) Certified, WOSB and GSA HAC SINS approved in every category. It was founded in 2015, and is headquartered in Vienna, Virginia, USA, with a workforce of 11-50 employees. Its website is Apply tot his job