K2United is an organization that houses two distinct, national, customer-facing brands tied together by a shared purpose: setting the standard for an extraordinary workplace. Through our brands, K2Share and CareerSafe, we provide advisory services in cyber risk management and online education for workforce readiness.
Our four core values define how we show up every day:
- Respect Others - We lead with respect, building trust and connection.
- Internally Driven - We are relentlessly compelled to accomplish our objectives.
- Collaborative Innovation - We create by listening, sharing, and working together.
- Client Success - We hold our clients' mission as our own.
We believe in people who are accountable, curious, and motivated to make an impact that matters.
Our programs make a meaningful difference. CareerSafe supports more than two million users each year, while K2Share delivers cybersecurity and IT solutions that strengthen federal agencies. As part of our team, you'll help solve complex challenges in a mission-driven, small-business environment that values professional growth, collaboration, and work-life balance.
K2Share is seeking a Vulnerability Management Engineer to support a federal health-sector client. In this role, you will lead the identification, analysis, communication, and remediation of vulnerabilities across client-managed systems, devices, and software. You will help reduce operational risk through proactive scanning, disciplined reporting, and close coordination with technical stakeholders across the enterprise.
This position supports a large enterprise environment under continuous vulnerability management, including recurring host and application scanning and additional targeted assessments as needed.
About You
You are a hands-on vulnerability management professional who understands that effective security work is not just about finding issues. It is about helping organizations act on them quickly and effectively. You are comfortable operating scanning infrastructure, analyzing results, and working with system owners to drive remediation across complex hybrid environments.
You know how to balance urgency with rigor. You can identify the highest-risk issues, communicate them clearly, and track them through resolution in accordance with federal policy and operational timelines. You are also comfortable working across technical teams and government stakeholders, bringing structure to ambiguous problems and helping mature an enterprise vulnerability-management program over time.
You thrive in a role where your work directly improves the security posture of mission-critical systems. You are detail-oriented, collaborative, and able to move from technical analysis to actionable guidance without losing sight of the larger risk picture.
Your Impact
As the Vulnerability Management Engineer, you will play a central role in strengthening the client's cyber defense posture. You will operate the vulnerability-management function, support enterprise scanning and remediation workflows, and help ensure vulnerabilities are identified, prioritized, and addressed in a timely and compliant manner.
In this role, you will:
- Manage, operate, and maintain vulnerability-management infrastructure capable of performing credentialed scans across approved client-managed managed systems, devices, and applications.
- Perform host-based, network-based, application, and database vulnerability scanning and deliver actionable remediation guidance.
- Analyze scan results and network architecture to identify the highest-risk vulnerabilities and recommend appropriate mitigation steps.
- Conduct specialized assessments for High Value Assets (HVAs) and other designated systems, ensuring reports meet HVA requirements.
- Support the implementation, operation, and maintenance of vulnerability-management projects within client's Information Security Project Dashboard.
- Alert technical points of contact to risks posed by vulnerabilities, missing assets, configuration errors, and unauthorized software or hardware.
- Escalate critical vulnerabilities within 24 hours and track remediation to closure in accordance with applicable federal, department, and agency policy and contractual remediation timelines.
- Monitor the CISA Known Exploited Vulnerabilities (KEV) Catalog and other authoritative sources to support timely remediation and compliance with applicable Binding Operational Directives.
- Coordinate with program areas and system owners to prioritize mitigation steps, including end-user mitigation activities when needed.
- Provide risk analysis for identified vulnerabilities and system change requests.
- Drive findings to verified closure through ticketed workflows, coordinating with the separate technical teams that perform system patching, and validate remediation through authenticated re-scans with recorded evidence.
- Maintain regular communication with client and department stakeholders to support collaboration, process improvement, tool tuning, information sharing, and compromise response.
- Monitor government and private-sector vulnerability sources to identify emerging risks that may affect client-managed systems.
- Contribute to vulnerability management reporting and ad hoc compliance deliverables supporting department, DHS, and FISMA requirements.
- Bachelor's degree in a related field, or equivalent experience as allowed by company and contract policy.
- Five or more years of hands-on enterprise vulnerability management and scanning experience.
- Experience administering enterprise scanning platforms such as Tenable.sc, Nessus, Qualys, Rapid7, or similar tools.
- Experience performing credentialed scanning at scale across hybrid environments.
- Experience with host-based, network-based, application, and database vulnerability scanning.
- Direct experience tracking and remediating vulnerabilities against the CISA KEV Catalog and CISA Binding Operational Directives 22-01 and 26-04, successor directives.
- Familiarity with High Value Asset (HVA) assessment requirements.
- Working knowledge of NIST SP 800-53 Rev. 5, FISMA, and FIPS 199.
- Strong analytical, organizational, and communication skills with the ability to work effectively across technical and government stakeholders.
- Ability to meet federal background investigation requirements.
Preferred Qualifications
- Active certification such as CISSP, GIAC (GWAPT, GPEN, GCIA), CompTIA Security+/CySA+, or vendor certifications for Tenable or Qualys.
- Experience with cloud vulnerability scanning in AWS and/or Azure.
- Scripting or automation experience using Python, PowerShell, or similar tools.
- Prior support to federal civilian agency cybersecurity programs.
Benefits
We're invested in the people who make our success possible. As a K2United employee, you'll enjoy a comprehensive benefits package designed to support your professional and personal well-being, including:
- 401(k) with employer matching
- Low-cost medical coverage for employees and their families
- Paid time off
- Paid leave for jury duty, military service, voting, and other qualifying events
- Wellness stipend, including fitness reimbursement
- Tuition assistance
- Casual work environment
- Technical training and certification support
- Complimentary access to CareerSafe online training courses for employees and their immediate family
Equal Opportunity Employer
K2United is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status, or any other characteristic protected by applicable law.