What are the responsibilities and job description for the Vulnerability Management Engineer position at Oasys?
Who We Are: Oasys International LLC (Oasys) is a fast-growing federal government contractor delivering high-quality technology consulting and professional services to civilian, defense, and homeland security agencies. We have been recognized on Inc. 5000’s list of the fastest-growing companies in America for five consecutive years and named a Best Places to Work in Virginia for the past two years.
Our success is driven by a talented team of technologists, consultants, engineers, and subject-matter experts who support complex federal missions with integrity and excellence. At Oasys, we foster a collaborative, merit-based culture that values continuous learning, professional growth, and work-life balance. We are committed to creating an inclusive, engaging environment where employees are recognized for their contributions and empowered to build meaningful, long-term careers.
Position Summary:
The Vulnerability Management Engineer position supports vulnerability identification, analysis, remediation coordination, and compliance reporting for Federal systems. The role requires strong knowledge of federal cybersecurity frameworks, including NIST 800‑53, NIST 800‑37 RMF, FISMA, FedRAMP, and DoD‑specific controls. The Engineer will work with ISSOs, system owners, security architects, and engineering teams to ensure continuous visibility and reduction of security risks across mission‑critical environments. This role requires expertise in vulnerability scanning, assessment, automation, remediation tracking, and communicating risk to both technical and non‑technical federal stakeholders.
NOTE: This role is contingent on the contract being awarded.
Primary Responsibilities:
- Plan, schedule, and execute vulnerability scans on federal systems using tools such as Tenable Nessus and Qualys.
- Analyze scan results, validate findings, eliminate false positives, and prioritize remediation based on criticality, exploitability, and federal impact levels.
- Support vulnerability discovery across cloud, on‑premises, hybrid, and containerized environments.
- Ensure vulnerability management activities align with NIST RMF, NIST 800‑53, DOD STIGs, FedRAMP, and agency‑specific guidelines.
- Contributes to the creation, maintenance, and tracking of POA&Ms, ensuring compliance with federal deadlines and reporting requirements.
- Collaborate with ISSOs and system owners to support Security Control Assessments (SCAs) and audits.
- Work closely with system administrators, developers, network engineers, and cloud teams to drive timely remediation of vulnerabilities.
- Prepare compliance reports for federal leadership, auditors, ISSOs, and system owners.
- All other duties as assigned by management.
Skills and Qualifications:
- Bachelor’s degree in computer science or related field
- 8 years in Cybersecurity and Risk Management Framework
- Experience with vulnerability scanning tools (Nessus or Qualys)
- Experience performing risk assessments for Federal systems in AWS GovCloud
- Experience supporting FedRAMP High/Moderate systems
- Knowledge in Java, Python, HTML, SQL, CSS and cloud computing
- Excellent communication and management skills.
Certifications Required:
- Certified Information Systems Security Professional (CISSP)
- CompTIA Security
Security Clearance Requirements:
- Must be a U.S. Citizen
- Must have an active DoD Secret clearance.
Work Location:
- Fairfax, VA – Corporate Headquarters (Hybrid)
NOTE: This role is contingent on the contract being awarded.
Oasys is proud to be an equal opportunity employer for all protected groups, including protected veterans and individuals with disabilities.