Senior Vulnerability Engineer

About The Position

Requirements

• Bachelor's degree or equivalent practical experience.
• Seven (7) or more years of experience in vulnerability remediation, patch and configuration management, and operational security engineering in fast-paced environments.
• Strong troubleshooting and hands-on remediation skills, including patching, configuration changes, validation and verification, and evidence collection.
• Demonstrated high skill in ServiceNow Vulnerability Response (VR), including vulnerability groups and items, routing and assignment, SLA and aging management, evidence capture, exception and risk acceptance workflows, and audit-ready closure.
• Clear, concise communicator (written and verbal) with demonstrated ability to set expectations, influence without authority, and coordinate across multiple IT teams in a matrixed environment.
• Experience with vulnerability scanning and exposure management tools (e.g., Rapid7, Wiz) and reporting/analytics (e.g., Power BI); ability to translate data into action.
• Demonstrated ability to operate as a self-starter with minimal oversight, manage multiple workstreams, set expectations, and drive remediation to closure.
• Experience in the financial services industry with proven regulatory and compliance discipline.
• Strong analytical skills with the ability to translate vulnerability data into remediation plans, operational metrics, and risk-based communication.

Responsibilities

• Drive remediation of tool-identified vulnerabilities by validating applicability and asset context, determining the appropriate remediation approach (patch, configuration change, compensating control), coordinating execution with IT teams, and verifying closure.
• Serve as a ServiceNow Vulnerability Response (VR) subject matter expert, including vulnerability group and item management, routing and assignment, SLA and aging tracking, evidence capture, exception and risk acceptance workflows, and audit-ready closure.
• Conduct monthly KPI/KRI and SLA health reviews; communicate risk and progress clearly, set expectations, and drive timely decisions with leadership and stakeholder teams.
• Develop and drive remediation action plans (owners, milestones, and escalation paths) for critical and high-severity vulnerabilities; maintain momentum and accountability in a fast-paced environment.
• Build and maintain actionable dashboards and reporting (Power BI and ServiceNow VR) that communicate remediation health, SLA risk, vulnerability aging, and trend insights.
• Facilitate exception and risk acceptance requests by ensuring documentation quality, appropriate approvals, defined expiration dates, and end-to-end tracking of compensating controls.
• Provide routine (daily/weekly) stakeholder updates that clearly communicate status, next steps, owners, and estimated timelines; escalate when expectations or SLAs are at risk.
• Document and continuously improve standard operating procedures (SOPs) and coach junior team members on remediation workflows and ServiceNow VR best practices.