Enterprise Security Engineer III, Vulnerability Management

About The Position

Requirements

• Minimum of 4 years of experience in information security or a related technical field, with exposure to vulnerability management.
• Hands-on experience with vulnerability scanning tools such as Tenable, Qualys, Rapid7, or similar platforms.
• Understanding of CVE scoring (CVSS), vulnerability prioritization frameworks (SSVC, EPSS), and risk-based remediation approaches.
• Familiarity with patch management processes across Windows, Linux, Mac, and cloud environments.
• Solid technical understanding of networking, operating systems, and common enterprise technologies.
• Experience producing security metrics and reporting for technical and non-technical audiences.
• Strong organizational skills with the ability to track and drive multiple remediation efforts simultaneously.
• Strong analytical, problem-solving, and communication skills.
• Ability to work both independently and collaboratively in a fast-paced environment.
• Relevant certifications such as Security+, GSEC, CEH, or equivalents are a plus.

Nice To Haves

• Active security clearance or ability to obtain and maintain security clearance.
• Bachelor's degree in Computer Science, Information Security, or equivalent professional experience.
• Experience building or maturing a vulnerability management program.
• Familiarity with asset discovery and management tools.
• Experience with cloud security posture management (CSPM) or cloud-native vulnerability scanning in Azure, AWS, or Google Cloud.
• Familiarity with FedRAMP, CMMC, NIST frameworks and their vulnerability management requirements.
• Exposure to manufacturing or operational technology environments.
• Experience working at a startup and/or in the defense industry.

Responsibilities

• Operate and maintain vulnerability scanning infrastructure across cloud, on-prem, and endpoint environments.
• Execute regular vulnerability scans and manage scan schedules, policies, and agent deployments.
• Triage and prioritize vulnerability findings based on exploitability, asset criticality, and business context.
• Track remediation efforts across teams, monitor SLA adherence, and escalate aging vulnerabilities.
• Partner with IT, DevOps, and engineering teams to coordinate patching and remediation activities.
• Maintain accurate asset inventory and ensure scanning coverage across all environments.
• Develop and maintain vulnerability management dashboards, metrics, and reporting for stakeholders and leadership.
• Contribute to the development of vulnerability management policies, standards, and procedures.
• Support compliance efforts by providing vulnerability data and evidence for audits and framework assessments (e.g., CMMC, NIST, FedRAMP).
• Monitor threat intelligence feeds and vendor advisories to identify emerging vulnerabilities relevant to True Anomaly's environment.
• Assist with ad hoc security assessments and penetration testing coordination as needed.
• Stay updated with the latest vulnerability trends, exploitation techniques, and remediation best practices.

Benefits

• Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave