Vulnerability Engineer
About The Position
This role will serve as a Vulnerability Engineer within the Division of Information Security (DIS), supporting and maturing the statewide vulnerability management program. The consultant will play a key role in helping agencies reduce risk, improve remediation timelines, and strengthen the overall security posture. This is a multi‑year contract opportunity with an initial term and strong potential for extension. Responsibilities include administration of vulnerability management platforms, coordination with state agencies, vulnerability analysis and prioritization, development and tracking of POA&Ms, stakeholder reporting, and training agencies on best practices for vulnerability remediation and patching. While the role is approved for remote work, candidates who are able to provide onsite support when needed will be prioritized, particularly for project‑based or stakeholder engagement requirements.
Requirements
- Must be eligible to work in US on W-2 without sponsorship
- 5+ Years of experience with vulnerability management tools (Qualys, Tenable, Rapid7)
- 5+ years of experience focused on vulnerability analysis, remediation tracking, platform administration, agency coordination, and risk documentation
- 5+ Years of experience architecting, deploying, configuring, and operating vulnerability management platforms
- 5+ Years of experience with Windows and Linux operating systems
- 5+ Years of experience interpreting and applying CVSS ratings, POA&M tracking, and risk mitigation strategies
- Familiarity with security standards and frameworks such as PCI DSS, NIST, ITIL, CVSS, and MITRE ATT&CK
- Experience in application security and automation / scripting (Python, PowerShell, Bash)
- Prior experience leading statewide vulnerability programs
- CISSP, CISA, CISO, or equivalent advanced security certification
- Additional relevant certifications (e.g., CEH, OSCP, GPEN)
- Strong written and verbal communication skills to support agency coordination and reporting
- Ability to work independently in a remote environment
- Experience supporting large, complex enterprise environments
- Comfort working across multiple agencies and stakeholders
- Willingness to support onsite work when project needs arise
Responsibilities
- Administration of vulnerability management platforms
- Coordination with state agencies
- Vulnerability analysis and prioritization
- Development and tracking of POA&Ms
- Stakeholder reporting
- Training agencies on best practices for vulnerability remediation and patching
Benefits
- Medical, dental & vision
- Critical Illness, Accident, and Hospital
- 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
- Life Insurance (Voluntary Life & AD&D for the employee and dependents)
- Short and long-term disability
- Health Spending Account (HSA)
- Transportation benefits
- Employee Assistance Program
- Time Off/Leave (PTO, Vacation or Sick Leave)
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
Number of Employees
501-1,000 employees
