Information Security Engineer

About The Position

Requirements

• Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
• 3+ years of experience in information security, with a strong emphasis on vulnerability management.
• Hands-on experience with scanning tools (e.g., Tenable, Qualys, Rapid7).
• Solid understanding of network architecture , operating systems (Linux, Windows), and web applications .
• Familiarity with CVSS scoring , risk modeling, and remediation prioritization frameworks.
• Excellent communication and problem-solving skills; ability to clearly explain security findings to non-security audiences.
• Experience with compliance frameworks such as PCI DSS, NIST, HIPAA , or ISO 27001 .

Nice To Haves

• Ability to work with scripting or automation tools (Python, PowerShell, Bash) is a plus.
• Relevant certifications are a plus (e.g., CISSP, Security+, LFCS, RHCSA ).

Responsibilities

• Lead the end-to-end vulnerability management lifecycle : scanning, analysis, prioritization, reporting, and remediation tracking.
• Perform regular vulnerability assessments and support remediation efforts in collaboration with infrastructure and application teams.
• Track and assess emerging threats and zero-day vulnerabilities using vendor bulletins and threat intelligence feeds.
• Generate reports and dashboards to communicate risk posture and mitigation progress to technical and executive stakeholders.
• Maintain and optimize vulnerability scanning tools to ensure full visibility and accurate detection across the environment.
• Assist in security incident response involving known or suspected exploited vulnerabilities.
• Support regulatory and compliance audits (e.g., PCI, NIST, HIPAA ) by providing documentation and metrics.
• Continuously improve processes, documentation, and tooling in the vulnerability management program.