Vulnerability Analyst/Risk Subject Matter Expert (SME)

Job Description

Job DescriptionDescription:

* This position is contingent upon a future opening with Gunnison.

Salary: $125,000 - $135,000/year

Work Location: This position will be primarily remote, with the possibility of on-site work requirements up to and including eventual return-to-office.

The Vulnerability Analyst/Risk SME provides subject matter expertise in identifying, prioritizing, and mitigating vulnerabilities across federal client systems. This role supports ISCA activities, RMF processes, and continuous monitoring by ensuring risks are documented, communicated, and resolved in line with Department and NIST guidance.

Duties and responsibilities include:

• Perform vulnerability analysis across applications, databases, operating systems, and network components.
• Correlate vulnerabilities with NIST SP 800-53 control deficiencies and categorize risk levels.
• Support risk determination and acceptance processes by preparing Residual Risk Statements and recommendations for Authorizing Officials.
• Coordinate with ISSOs, SCAs, and system owners to track remediation progress and update POA&Ms.
• Conduct technical validation of mitigations and perform retesting of remediated findings.
• Provide risk briefings and metrics to senior leadership to inform decision-making.
• Ensure vulnerability data integrates into broader risk management and continuous monitoring activities.

Requirements:

• 5+ years of vulnerability management or cybersecurity risk analysis experience.
• Strong knowledge of NIST RMF, FISMA, and federal risk management processes.
• Hands-on experience with vulnerability management tools (e.g., Tenable, Qualys, Rapid7).
• Ability to assess risk impact, likelihood, and recommend prioritization strategies.
• Strong documentation and presentation skills for risk communication.
• Certifications preferred (e.g., CISSP, CISM, CRISC, or CVA).

Clearance Requirement: Active Secret clearance required.

The salary range for this position depends upon multiple factors including location, the individual's knowledge, skills, competencies, and experience, and contract-specific budget constraints and organizational requirements.
Gunnison Consulting Group's total compensation package also includes bonus and profit-sharing opportunities, depending on company and employee performance. Available employee benefits include:

• 3 weeks of Personal Leave your first year
• 11 paid Holidays each year
• 5 days of Flexible Time Off each year
• 401(k) company match at 50% up to 10% of your salary
• Medical, Dental and Vision Insurance
• Life and Disability Insurance
• Public Transportation Subsidies
• Certifications and Training Allowance - $2,500/year!

Why Join Gunnison?

• Gunnison takes on ambitious projects. We target fun, challenging work that requires creative thinking and innovation.
• Quality is our top priority.
• Gunnison employee benefits meet or exceed what other companies in the Washington, D.C. metropolitan area offer.
• There is a great sense of camaraderie at Gunnison. This is an atmosphere we will maintain as we continue to grow.
• We are growing rapidly and the opportunity for individual professional growth with Gunnison is outstanding.
• We hire for careers at Gunnison, not to fill a position.

Equal Opportunity/Affirmative Action Employer. Must be eligible for employment in the United States. We are unable to sponsor candidates at this time.
In 1994 Gunnison began serving the greater Washington, D.C. metro area, focused on tackling our customers' most ambitious technology projects. By creating a culture dedicated to enabling our customers and employees to achieve more than they ever thought they could, the company has thrived for over 25 years.