Vulnerability Management Engineer

About The Position

Requirements

• Demonstrate strong customer service and communication skills, both oral and written with the ability to build relationships at all levels
• Possess experience, and demonstrated success, developing and managing an organizational vulnerability management program
• Demonstrate fundamental knowledge of network vulnerability scanning technologies
• Demonstrate an understanding of Web Application Security vulnerabilities and mitigating defenses
• Possess experience with vulnerability remediation management and patching
• Have knowledge of vulnerability management best practices from NIST, ISO, PCI, OWASP, and CIS
• Possess experience in deploying and operating vulnerability scanning infrastructure, services and solutions
• Leverage fundamental technical skills in the following areas: Active Directory Windows Linux Networking
• Are proficient in the use of data manipulation, dashboard and reporting tools
• Have earned industry recognized certifications, such as GEVA, CISSP, CISM, GPEN, GIAC, CISA, etc.
• Possess security consulting or managed services experience

Responsibilities

• Deliver vulnerability management as a service, overseeing multiple workstreams while meeting specific service-level (SLA) commitments.
• Manage the full remediation lifecycle by collaborating with infrastructure and application owners on security hot-fixes and patch validation.
• Perform discovery and grouping of network-connected systems to ensure comprehensive scanning across networks, OSs, apps, and databases.
• Conduct regular scans on both production and pre-production deployments to identify flaws before and after release.
• Create remediation reports and dashboards to track vulnerabilities and remediations
• Assist with attestation scan and compliance report
• Analyze vulnerabilities to filter false positives and prioritize remediation based on the actual risk of exploitation.
• Develop remediation action plans and generate tickets for system owners to address identified flaws.
• Speak in-depth on hardening guidelines (NIST, CIS) and implement mitigation factors (Firewalls, IDS/IPS) to reduce risk when patching isn't immediate.
• Analyze new technologies, zero-day threats, and reviews of new technology released by supported vendors to provide mitigation strategies.
• Develop and document Standard Operating Procedures (SOPs) and assist in maintaining automation and scripting tools.
• Support cyber incident response teams with vulnerability discovery and identification during crisis management.
• Mentor, coach, and train other team members while producing educational content like blog posts and vulnerability summary sheets for customers.
• Handle customer escalations regarding technology or remediation issues to ensure successful service delivery.

Benefits

• Medical, dental, vision, and disability insurance
• Flexible Time Off (FTO), 12 company holidays, sick leave and 8-Weeks Paid Parental Leave
• Unique professional development benefits with Annual “development dollars” to support our people growth and development
• Wellness contests and monthly educational programs
• 401(K) retirement program