Staff Information Security Engineer (Vulnerability Management)

Zscaler is expanding its U.S. Federal operations to support customers across multiple government departments. We are looking for a Staff Information Security Engineer who will report to the Senior Manager of Information Security Engineering to operate as a vulnerability management engineer inside the U.S. Federal IL6 (SCIF) environment. This is a fully onsite role based in the Crystal City / Arlington, VA area. The position operates strictly within a U.S. SCIF environment, requiring autonomy and adherence to one-way diode transfer protocols with no access to external networks or corporate systems.

What you’ll do (Role Expectations)

• Designing and running authenticated/unauthenticated network and host scanning using IL6-approved tools in air-gapped environments (e.g., Tenable.sc / Nessus Manager or similar)
• Building Python/Go/PowerShell automations for scan orchestration, asset onboarding, policy tuning, and diode-ready reporting formats
• Driving collaboration with IL6 service owners to eliminate exploitable risks and manage patch/hardening campaigns
• Producing weekly and monthly reporting aligned to IL6 program cadence and diode data transfer policies
• Maintaining documentation, including runbooks, SOPs, exception governance, and change control processes within the SCIF

Who You Are (Success Profile)

• You thrive in ambiguity. You're comfortable building the path as you walk it. You thrive in a dynamic environment, seeing ambiguity not as a hindrance, but as the raw material to build something meaningful.
• You are a problem-solver. You seek out challenges because you are energized by finding solutions, knowing that solving the hard problems delivers the biggest impact.
• You are a learner. You have a true growth mindset and never stop developing yourself, actively seeking feedback to become a better partner and a stronger teammate. You love what you do and you do it with purpose.
• You operate with urgency. You understand that in a high-growth environment, speed and quality are not mutually exclusive. You have a relentless focus on execution and a bias for action, delivering high-impact results quickly to win for the customer and the team.
• You lead with integrity. You do the right thing, even when it’s hard. You hold yourself and others to a high standard of accountability and build trust by matching your words with consistent, transparent action.

What We’re Looking for (Minimum Qualifications)

• U.S. citizenship with an active U.S. Top Secret (TS) clearance (must be maintained)  
• 5+ years of experience with one or more of the following:
• Vulnerability Management
• Experience with Tenable.sc/Nessus Manager or equivalents
• Experience with CSPM concepts and/or Web Application Scanning (WAS) methodologies with solid understanding of risk-based prioritization (CVSS, EPSS), remediation lifecycle, and SLA governance
• Scripting skills in Python, Go, or PowerShell for automation in disconnected environments

What Will Make You Stand Out (Preferred Qualifications)

• DoD 8570/8140 IAT Level II certification (e.g., Security+ CE, GSEC, SSCP, CySA+)
• Understanding of cloud and container platforms adapted to classified environments (e.g., AWS C2S/SC2S constructs, ECS/Kubernetes, VM hardening), and external attack surface concepts within constrained perimeters
• Exposure to FedRAMP High/Moderate operations, including monthly monitoring programs (scanning, evaluation, patching, reporting) and familiarity with Jira/ServiceNow for ticketing and exception management in isolated environments

#LI-Onsite #LI-KM9