Vulnerability Management Engineer

At the University of Minnesota, we are dedicated to changing lives through education, research, and outreach. The University Information Security department (UIS) offers an environment of trust, collaboration, and mission-focused work. We seek an individual who will be responsible for providing guidance and support to the broader University IT community in detecting and addressing security vulnerabilities. This position will manage University vulnerability management tools and provide risk-based prioritization and consultative support to IT staff detecting and remediating security vulnerabilities to maintain compliance with information security policy.

Job Responsibilities:

• Engineer solutions and maintain the University-wide vulnerability management program.
• Develop and manage remediation activities by ensuring departments mitigate vulnerabilities in a
  timely manner based on risk.
• Build integration and automation for vulnerability management tasks.
• Define vulnerability analysis, resolution strategy, and provide input to mitigation proposals.
• Initiate scans and other testing mechanisms as needed.
• Engineer technical solutions to manage exposure to vulnerabilities.
• Collaborate with distributed IT staff and system owners to help them interpret results, validate
  false-positives, and apply patches and remediations.
• Consult with system administrators to understand the operational impact and effort associated
  with mitigations.
• Prioritize and design various vulnerability management tool functions and features.
• Develop metrics to measure the effectiveness of the vulnerability management program and
  mitigation strategies.
• Evaluate and implement technical options for enhanced visibility and decision-making by
  stakeholders at multiple levels.
• Interface, influence, and engage the University's IT community to promote vulnerability
  management across various levels of the organization.
• Provide guidance to comply with University policy and other relevant frameworks.
• Document, manage, and perform auditable procedures.
• Maintain strong knowledge of vulnerability management best practices and familiarity with
  relevant frameworks (CVSS, OWASP Top 10).
• Escalate security issues where appropriate.

*The University of Minnesota is committed to fostering local talent through employment opportunities. While this position utilizes a predominantly remote work modality, prospective applicants must be located either in the state of Minnesota or near the Wisconsin border or otherwise open to relocation.

*Please note, this position is not eligible for H-1B or Green Card sponsorship.

We Offer:

• University paid contribution (10% of your salary) to your retirement account - vested immediately.
• 22 paid vacation days per year, in addition to sick leave and 12 paid holidays.
• Reduced tuition opportunities covering 75% - 100% of eligible tuition.
• Excellent and affordable health care benefits (2023 Enrollment Guide).
• Wellbeing program with opportunity to earn lower health care rates.
• Free disability insurance and employer-paid life insurance.
• Public Service Loan Forgiveness (PSLF) opportunity.
• Financial counseling services.
• Employee Assistance Program with eight sessions of counseling at no cost.
• Employee Transit Pass with free or reduced rates in the Twin Cities metro area.
• Annual merit increase program.

*Please document qualifications on resume.

Required Qualifications:

• Bachelor's degree and 4 years of relevant work experience or a Master's degree plus at least two years of experience.
• At least 2 years of experience in one or more of the following:
  • Vulnerability Management
  • Systems Administration
• Experience providing consultative guidance to diverse teams
• Current technical knowledge and understanding of threats, emerging threats, and vulnerabilities.
• Proficiency in STIGs, CIS benchmarks, and NIST frameworks for system hardening.
• Demonstrated ability to manage projects and/or programs, including prioritization of efforts.
• Excellent communication (oral, written, presentation), interpersonal, and consultative skills.

Preferred Qualifications:

• Strong understanding of vulnerability management best practices and familiarity with relevant frameworks (CVSS, OWASP Top 10).
• Experience with vulnerability management governance structures in a large/decentralized organization.
• Knowledge or experience with relevant information security and regulatory frameworks such as CIS, PCI, HIPAA, NIST, CMMC
• One or more relevant security related certifications (e.g. GSEC, Security+).
• Coding/scripting experience (e.g. python, powershell, etc.).
• Experience with deployment, maintenance and use of vulnerability scanning and testing tools (Rapid7, Tenable, Qualys or others).
• Demonstrated process improvement and/or process design experience, including supporting technical documentation

The Office of Information Technology (OIT) is the University's central IT unit and provides enterprise-level technologies and services that are broadly consumed, core to central administrative business operations, and tend to offer substantial economies of scale. We are part of a larger ecosystem of IT professionals who work in academic and support units systemwide. Local or collegiate IT units often offer discipline-specific, niche, and complementary services to the OIT central services.

Pay Range: $107,000 - $117,000; depending on education/qualifications/experience

Time Appointment: 100% Appointment

Position Type: Faculty and P&A Staff

Please visit the Office of Human Resources website for more information regarding benefit eligibility.

The University offers a comprehensive benefits package that includes:

• Competitive wages, paid holidays, and generous time off
• Continuous learning opportunities through professional training and degree-seeking programs supported by the Regents Tuition Benefit Program
• Low-cost medical, dental, and pharmacy plans
• Healthcare and dependent care flexible spending accounts
• University HSA contributions
• Disability and employer-paid life insurance
• Employee wellbeing program
• Excellent retirement plans with employer contribution
• Public Service Loan Forgiveness (PSLF) opportunity
• Financial counseling services
• Employee Assistance Program with eight sessions of counseling at no cost
• Employee Transit Pass with free or reduced rates in the Twin Cities metro area

While our salary ranges provide a framework, it is important to note that most of the
time, the initial pay may not reach the maximum of the range. This approach ensures
that compensation reflects the value and unique contributions of each candidate while
maintaining equity within our organization. As part of our commitment to fair and
equitable compensation, please be aware that the salary offered to incoming candidates
will be based on their individual credentials and experience.

Applications must be submitted online. To be considered for this position, please click the Apply button and follow the instructions. You will have the opportunity to complete an online application for the position and attach a cover letter and resume or CV.

Required application materials: resume and cover letter.

This position will remain open until filled.

To request an accommodation during the application process, please e-mail employ@umn.edu or call (612) 624-8647.

The University recognizes and values the importance of diversity and inclusion in enriching the employment experience of its employees and in supporting the academic mission. The University is committed to attracting and retaining employees with varying identities and backgrounds.

The University of Minnesota provides equal access to and opportunity in its programs, facilities, and employment without regard to race, color, creed, religion, national origin, gender, age, marital status, disability, public assistance status, veteran status, sexual orientation, gender identity, or gender expression. To learn more about diversity at the U: http://diversity.umn.edu

Any offer of employment is contingent upon the successful completion of a background check. Our presumption is that prospective employees are eligible to work here. Criminal convictions do not automatically disqualify finalists from employment.

The University of Minnesota, Twin Cities (UMTC)

The University of Minnesota, Twin Cities (UMTC), is among the largest public research universities in the country, offering undergraduate, graduate, and professional students a multitude of opportunities for study and research. Located at the heart of one of the nation's most vibrant, diverse metropolitan communities, students on the campuses in Minneapolis and St. Paul benefit from extensive partnerships with world-renowned health centers, international corporations, government agencies, and arts, nonprofit, and public service organizations.

At the University of Minnesota, we are proud to be recognized by Forbes as a Best Employer for Company Culture (2026), Best Employer for Women (2023), and Best Employer by State (2022-2026). In 2026, we also received Culture Excellence & Industry Awards recognition for employee appreciation and work-life flexibility.