AutoRABIT Background
AutoRABIT was founded in 2015 to help organizations in regulated industries regain control of their Salesforce development processes and move toward continuous delivery of value to their customers and employees. Today, AutoRABIT’s suite of release management tools is the most comprehensive and secure on the market, and our customers are realizing the benefits of faster, more secure deployments in their Salesforce environments.

Who We Are
AutoRABIT is a worldwide company with team members from a variety of industries who all share the goal of making the working lives of our clients safer and easier.

What We Do
Our automated solutions help everyone touching the Salesforce DevOps pipeline to reduce manual touchpoints, strengthen data security, and increase the value they provide to their customers. We embody DevOps principles in the way we think and work— offering our example, advice, and inspiration to guide our clients.

Why It Matters
AutoRABIT clients handle their customers’ most sensitive data. Our products help them protect their customers by protecting this data while simultaneously streamlining and simplifying their business processes.

About the Role

Responsibilities

• Assist in scheduling, tuning, and executing vulnerability scans using Qualys VMDR across Windows, Linux, and containerized systems
• Review, validate, and analyze scan results, identifying false positives and prioritizing vulnerabilities based on risk and asset criticality
• Work with IT and DevOps teams to track and validate remediation efforts, escalating issues as needed
• Maintain documentation of vulnerabilities, exceptions, and remediation timelines in alignment with FedRAMP Continuous Monitoring (ConMon) requirements
• Support the generation and maintenance of POA&M records and vulnerability reporting artifacts
• Stay informed on emerging threats, CVEs, and relevant patches
• Assist in compliance and audit readiness tasks, particularly around vulnerability evidence gathering
• Contribute to playbooks, process improvements, and internal knowledge bases
• Responsibility to adhere to set internal controls.

Requirements

• Must be a U.S. Citizen or Green Card Holder. We cannot hire people with another status for this role per the government project assigned to this role.
• 1–2 years of experience in information security or IT systems support
• Familiarity with Qualys VMDR, Tenable, or similar vulnerability scanning tools
• Basic understanding of vulnerability lifecycle management, CVSS, and patching workflows
• Exposure to Windows and Linux operating systems, cloud platforms (e.g., AWS), and containerized environments is a plus
• Detail-oriented with strong communication and documentation skills
• Ability to work collaboratively with cross-functional teams
• Familiarity with compliance frameworks such as FedRAMP, NIST 800-53, or CIS Benchmarks is a strong plus
• Willingness to learn and grow within a structured security program

Preferred but Not Required

• Hands-on experience analyzing Qualys scan output
• Knowledge of STIGs, CIS controls, and/or OpenSCAP
• Experience with vulnerability tracking tools, Excel-based POA&Ms, or GRC platforms
• Security-related certification(s) (e.g., Security+, CySA+, Qualys certifications)

What You'll Gain

• Direct exposure to FedRAMP ConMon operations in a live environment
• Skill-building with Qualys and vulnerability triage workflows
• Opportunities to grow into mid-level analyst or engineering roles
• A mission-driven team culture focused on automation, accountability, and security excellence