Technology Vulnerability Management Engineer

About The Position

Requirements

• After orientation at Cooley LLP, exhibit proficiency in the Microsoft 365, MECM, Intune, iManage and other firm applications
• Ability to work extended and/or weekend hours, as required
• 2+ years of experience in cyber security, vulnerability management, or penetration testing. Senior candidates must have 5+ years' directly applicable experience in the field
• Strong hands-on experience conducting vulnerability scans, including configuration and use of tools such as Tenable, Qualys, Rapid7
• Knowledge of cybersecurity frameworks, controls and standards, and best practices
• Solid understanding of Windows/Linux, networks, web/application stacks, and at least one major cloud provider (AWS/Azure)
• Proficiency in Python or PowerShell and REST APIs; ability to build repeatable pipelines/dashboards
• Familiarity with CVSS, KEV, EPSS and how they align with risk frameworks
• Extensive knowledge and experience generating and disseminating easily digestible metrics and report to system owners and leadership

Nice To Haves

• Bachelor's Degree in Information Technology or Computer Information Systems
• Knowledge of the Mitre ATT&CK framework and NIST Cyber Security Framework
• Familiarity with common security controls in the enterprise (Firewall, Proxy, AV, SIEM, etc.)
• Experience with incident response procedures
• Extensive knowledge and understanding of security issues, techniques, and implications across multiple computer platforms
• Demonstrated experience leading and developing others by providing technical guidance and leadership to project teams
• Solid knowledge and understanding of security regulations and best practices such as the ISO 27000 family of standards
• Demonstrated experience communicating technical information to business clients and less experienced technologists
• CISSP, CISM or equivalent
• Experience with CI/CD pipelines
• Cloud Architecture and/or Cloud Security Certifications (AWS, Azure, GCP)
• Cloud Security Alliance (CCSP, CCSK) (ISC)2
• Additional security certifications

Responsibilities

• Support the development and continuous optimization of vulnerability management services, including scanning cadence, exception handling, SLAs and alignment with security controls
• Build and maintain standards, playbooks, and repeatable processes to improve the efficiency and maturity of the vulnerability management program
• Administer and optimize enterprise vulnerability management platforms (e.g., Tenable/Qualys/Rapid7), ensuring accurate coverage across assets
• Integrate asset context from CMDB, EDR, and cloud inventory to drive effective risk-based prioritization
• Build automation for data ingestion, deduplication, ticketing, and reporting using APIs, scripting, and other tools to improve data quality and reduce false positives
• Analyze and interpret vulnerability scan results to assess severity, validate findings, and provide actionable remediation recommendations
• Publish dashboards and reports tailored for engineers, management, and executive leadership to communication progress and risk
• Drive remediation efforts, including patching, configuration baselines, and compensating controls, and validate results through rescans or attestations
• Partner with developers, DevOps, and other stakeholders to implement "shift-left" practices such as pipeline scanning, container/base-image hygiene, and Infrastructure-as-Code (IaC) hardening
• Collaborate with cross-functional teams to implement security solutions and controls that mitigate identified vulnerabilities
• Support audits, assessments, and regulatory compliance requirements by providing accurate documentation and evidence
• Identify opportunities for process improvements, tool optimization, and template standardization to increase efficiency and reduce operational overhead
• Stay current on emerging threats, vulnerabilities, and industry best practices to ensure the program remains effective and modern
• Contribute to advanced security testing activities such as penetration testing, application reviews and targeted vulnerability assessments as needed
• Assist with incident response activities by providing vulnerability context, supporting root cause analysis, and helping to validate containment and remediation actions
• All other duties as assigned or required

Benefits

• Cooley offers a competitive compensation and excellent benefits package and is committed to fair and equitable employment practices.
• We offer a full range of elective benefits including medical, health savings account (with applicable medical plan), dental, vision, health and/or dependent care flexible spending accounts, pre-tax commuter benefits, life insurance, AD&D, long-term care coverage, backup care for children and/or adults and other parental support benefits.
• In addition to elective benefit options, benefited employees receive firm-paid life insurance, AD&D, LTD, short term medical benefits as well as 21 days of Paid Time Off ("PTO") and 10 paid holidays each year.
• We provide generous parental leave and fertility benefits.
• New employees will attend a detailed benefit orientation to learn more about our many benefits and resources.