Vulnerability SME

Job ID
# of Openings
Cyber Security
Work Authorization
US Citizens, preferred


VariQ has an exciting opportunity for a highly qualified Vulnerability SME to support our client in Denver, CO.


Additional Information:

  • Salary: Dependent upon experience
  • Security Clearance: clearable, NACI
  • Available: within 30 days


  • Assess clients’ vulnerability management programs and develop recommendations to achieve Cybersecurity best practices.
  • Provide Cybersecurity and privacy analysis and consulting throughout the security assessment and compliance life cycle process.
  • Plan, develop, and finalize continuous monitoring of Cybersecurity and privacy policies, programs, compliance artifacts, and standards.
  • Assess and recommend automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess security vulnerabilities of large, complex information systems, including enclaves, networks and applications, services, and platform IT.
  • Respond to client requests for information.
  • Work as a Cybersecurity professional with experience in the Federal sector.



  • 8+ years of experience with Cybersecurity vulnerability assessments and equivalent processes
  • 5+ years of experience with planning and executing comprehensive Cybersecurity scanning and assessments, including identifying applicable security controls, analyzing assessment procedures, and identifying and using required tools
  • Experience with using or configuring two or more of the following vulnerability assessment tools: Tenable/Nessus, Retina, QualysGuard, Nexpose, OpenVAS, HPE Fortify, Veracode, Tripwire, Guardium, RedSeal, or SkyBox
  • Experience with using GRC tools and platforms to manage and automate vulnerability assessment workflows
  • Experience with assessing organizational risks and recommending mitigation strategies
  • Knowledge of Cybersecurity principles, including Threat Intelligence, Penetration Testing, Red Team, and Incident Response within the context of supporting vulnerability management functions
  • Ability to consolidate, analyze, create, and brief findings on vulnerabilities and associated risk
  • Experience with ethical hacking, including information security, application vulnerability testing, code-level security auditing, and secure code reviews
  • Experience in change management techniques associated with new technology implementation
  • Experience assessing and validating security configurations of network operating systems, including Cisco IOS, database configurations, and UNIX systems and legacy operating systems, including AIX
  • Knowledge of secure development best practices, including OWASP, and how to apply security standards to improve the SDLC process
  • Ability to use secure configuration benchmarks, including CIS and ISO, to develop secure system configuration baseline policies

Education: BA or BS degree

Certifications: CISSP, CISM, SABSA, or GIAC Certification




VariQ is an equal opportunity employer.



