Vulnerability Assessor

Vulnerability Assessor Location: Alexandria, VA (Hybrid – Telework with periodic on-site support as required)Clearance: Active Secret Position Overview ASRC Federal is seeking a Vulnerability Assessor to support the Department of War Education Activity (DoWEA) Enterprise Cyber Program. The Vulnerability Assessor will identify, analyze, and track system vulnerabilities to strengthen the organization’s cybersecurity posture and ensure compliance with DoD Risk Management Framework (RMF) requirements. This role supports Continuous Monitoring (ConMon) activities and works closely with cybersecurity and system teams to enhance DoWEA’s enterprise-wide security operations. Responsibilities Conduct vulnerability scans using ACAS (Tenable/Nessus), STIG Viewer, and related DoD-approved assessment tools. Categorize and analyze vulnerabilities in accordance with NIST SP 800-53, DISA STIGs, and DoDI 8510.01 (RMF). Collaborate with Information System Security Managers (ISSMs), Information System Security Officers (ISSOs), and system administrators to track remediation and update Plans of Action and Milestones (POA&Ms). Prepare and maintain vulnerability assessment reports and risk summaries for leadership. Support RMF Steps 3–6 and Continuous Monitoring documentation within eMASS. Research and evaluate emerging technologies to identify new or evolving risks and recommend mitigation strategies. Basic Qualifications Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related discipline (four additional years of equivalent experience may substitute). Minimum 5+ years of cybersecurity or vulnerability management experience. Active DoD Secret clearance DoD 8570.01-M IAT Level II certification (e.g., Security+ CE, CySA+, CCNA-Security). Hands-on experience with ACAS (Tenable/Nessus) and STIG compliance tools. Strong analytical, documentation, and communication skills. Working knowledge of vulnerability scanning, risk assessment methodologies, and remediation tracking. Preferred Qualifications Familiarity with DoW (DoD) RMF, eMASS, and DISA STIG/SRG compliance. Understanding of NIST SP 800-53, CNSSI 1253, and DoDI 8510.01 frameworks. Knowledge of common cybersecurity threats, exploits, and attack vectors. Experience supporting federal or DoD IT environments. Positive, proactive approach and ability to collaborate effectively across remote and on-site teams.