Motion Recruitment Partners LLC
Vulnerability Management Analyst / Contract / Remote
Motion Recruitment Partners LLC, California, Missouri, United States, 65018
Leader in their industry, our exciting global SaaS construction platform client seeks a contract Vulnerability Management Analyst. This is a fully remote role. Must be currently living in the USA.
The FedRAMP Vulnerability Management Analyst is a contract role focused on reviewing vulnerability deviation requests and working directly with engineering and development teams to ensure timely remediation or formal approval of exceptions within a FedRAMP authorized SaaS environment. The analyst keeps the exception workflow moving by validating requests, guiding teams on compensating controls, and updating program artifacts while maturing policies and procedures that support continuous compliance.
Contract Duration:
6-Months Required Skills & Experience At least three years in vulnerability or risk management. Experience with container and cloud environments such as EKS, ECS, or Kubernetes is beneficial. Desired Skills & Experience Prior coordination with software engineering or DevOps teams on vulnerability remediation is strongly preferred. What You Will Be Doing Daily Responsibilities Receive and evaluate deviation and risk acceptance requests; confirm CVSS scores, affected assets, and proposed compensating controls. Meet with engineers and developers to understand technical constraints, agree on remediation timelines, and document alternative solutions that satisfy FedRAMP Moderate or High requirements. Draft or refine risk acceptance forms and POA&M entries; shepherd each request through security, compliance, and Authorizing Official approval. Maintain an up-to-date exception register with owners, due dates, and revalidation checkpoints; remind stakeholders as deadlines approach. Update vulnerability management runbooks, service level agreements, and playbooks to reflect the approved deviation handling process and any new tooling integrations. Help integrate scanners or ticketing systems such as Prisma Cloud, Tenable, Qualys, and Jira so deviation status is captured and tracked automatically. Advise engineering teams on FedRAMP control requirements, acceptable compensating controls, and best practices for patching or mitigating findings. Support audits by supplying requested evidence and context prepared by the compliance team.
#J-18808-Ljbffr
6-Months Required Skills & Experience At least three years in vulnerability or risk management. Experience with container and cloud environments such as EKS, ECS, or Kubernetes is beneficial. Desired Skills & Experience Prior coordination with software engineering or DevOps teams on vulnerability remediation is strongly preferred. What You Will Be Doing Daily Responsibilities Receive and evaluate deviation and risk acceptance requests; confirm CVSS scores, affected assets, and proposed compensating controls. Meet with engineers and developers to understand technical constraints, agree on remediation timelines, and document alternative solutions that satisfy FedRAMP Moderate or High requirements. Draft or refine risk acceptance forms and POA&M entries; shepherd each request through security, compliance, and Authorizing Official approval. Maintain an up-to-date exception register with owners, due dates, and revalidation checkpoints; remind stakeholders as deadlines approach. Update vulnerability management runbooks, service level agreements, and playbooks to reflect the approved deviation handling process and any new tooling integrations. Help integrate scanners or ticketing systems such as Prisma Cloud, Tenable, Qualys, and Jira so deviation status is captured and tracked automatically. Advise engineering teams on FedRAMP control requirements, acceptable compensating controls, and best practices for patching or mitigating findings. Support audits by supplying requested evidence and context prepared by the compliance team.
#J-18808-Ljbffr