Vulnerability Scan Engineer

Foresite, Overland Park, KS

About The Position

Foresite is looking for a Vulnerability Scan Engineer to join our Managed Vulnerability Research service and act as the primary architect for our customers' vulnerability management programs. Your primary focus is the health, maintenance, tuning, and proactive execution of Tenable scanning platforms. You will act as a point of escalation for all scanning-related cases across diverse client environments, ensuring that every managed network is thoroughly assessed, accurate, and actionable. In this role, you’ll take ownership of multi-console vulnerability management, scanner health monitoring, and scan policy configuration. You will be responsible for maintaining a high-quality security posture across dozens of unique client networks—ranging from mid-market firms to enterprise environments—while ensuring all assets follow strict assessment baselines and organizational security policies.

Requirements

  • 3+ years of hands-on experience with Tenable.io, Tenable.sc, and Nessus Agents.
  • Strong understanding of NAT, PAT, Firewalls, and Load Balancers and how they impact scan accuracy and scanner placement.
  • Deep knowledge of Windows Registry, Linux config files, and the ability to explain why credentialed scanning is necessary to IT Managers.
  • A strong ability to analyze scan logs and results to identify root causes of failures and distinguish between legitimate vulnerabilities and false positives.
  • You don't just restart a failed scan; you dig into the data to find the fix. You can pivot easily between legacy OT environments and ephemeral cloud stacks.
  • Excellent technical communication skills with a "customer-first" mindset and the ability to act as a partner to a client's IT team.

Nice To Haves

  • Previous experience managing multi-tenant environments (MSP experience) or multiple clients simultaneously.
  • Tenable Certified Professional (Highly Desired), CompTIA PenTest+, Security+, or GIAC Critical Controls Certification (GCCC).
  • Experience running scans for specific regulatory compliance frameworks such as PCI-DSS or HIPAA.
  • Deep understanding of hardening standards and translating technical vulnerabilities into actionable remediation plans for leadership.

Responsibilities

  • Multi-Client Platform Management & Operations
      • Tier 2 Support: Act as an escalation point for the analyst team on scanning-related cases across Tenable.io and Tenable.sc (managed and on-prem) consoles.
      • Scanning Operations: Design and execute complex scan schedules, including discovery, credentialed vulnerability assessments, and web application scans (WAS).
      • API & Integration: Utilize the Tenable API to push data into central ticketing systems or SIEMs to streamline the remediation workflow and automate manual tasks.
  • Vulnerability Administration & Maintenance
      • Daily Health Monitoring: Conduct console checkups to identify "stuck" scans, scanner connectivity issues, or credential failures across On-prem, Cloud, and Hybrid architectures.
      • Exclusion & Exception Management: Work with client stakeholders to document and manage scan exclusions and risk acceptances to resolve conflicts without compromising security.
      • Scanner Troubleshooting: Troubleshoot broken Nessus agents and network-related scan gaps (NAT/Firewalls), coordinating directly with client IT contacts for remediation.
      • Console Hygiene: Efficiently sort through "vuln-speak" and false positives to develop custom Dashboards and automated reports that translate technical data into business risk.
  • Operational Excellence & Reporting
      • Own the Queue: Manage incoming vulnerability-related support tickets, providing rapid response and clear technical communication to both internal teams and non-technical stakeholders.
      • Accuracy & Quality: Vet results before they reach the client to ensure high credibility, minimizing "False Positives" through rigorous policy tuning.
      • Continuous Learning: Stay current with common hardening standards (CIS, NIST) and regulatory frameworks (PCI-DSS, HIPAA, SOC2) to improve assessment workflows.

Benefits

  • Comprehensive Health & Wellness: Robust medical insurance options to keep you and your family healthy.
  • Employer-Covered Insurance: We fully provide employer-paid Dental coverage, as well as Short-Term (STD) and Long-Term Disability (LTD).
  • Generous Time Off: We believe in a true work-life balance. You’ll start with 3 weeks of paid vacation, plus additional sick leave and paid company holidays to ensure you have time to recharge.
  • Exposure: You’d see more unique network configurations in six months here than most engineers see in their entire career.
  • Growth & Mentorship: Access to world-class training and mentorship. We support your career trajectory, with a clear path to Senior Security Analyst or Lead SOC Analyst.
  • Tools: Access to the latest Tenable modules, including Lumin, OT Security and ExposureAI.