Overview
Salary: $90-92 hourly
Vulnerability Management Engineer, Remote, $92 / hourly as W2
About the Role
Join our Cybersecurity team as a Senior Vulnerability Management Engineer, where you will play a critical role in proactive defense. You won't just run scans and pass along reports; you will own the end-to-end lifecycle of vulnerability reduction across a modern, complex ecosystem (Infrastructure, Cloud, Containers, and Applications). We are looking for a sharp analytical thinker who can look at a mountain of vulnerability data, pinpoint the true high-risk exposures, and collaborate with engineering teams to neutralize threats before they can be exploited.
Key Responsibilities
- Advanced Triage & Validation: Validate and prioritize vulnerability findings from internal/external scans, attack surface management tools, and threat intelligence. Separate the signal from the noise.
- Risk-Based Prioritization: Assess real-world severity, exploitability, business impact, and compensating controls to drive a smart, risk-based remediation strategy.
- Stakeholder Collaboration: Act as the bridge between security and engineering. Guide technology owners through routing, remediation tracking, and closure validation.
- Rapid Threat Response: Support "PatchNow" critical events and zero-day escalations by quickly mapping blast radiuses, identifying owners, and tracking emergency remediation.
- Process Optimization: Don't just accept broken workflows. Identify recurring risk patterns and data quality issues, and recommend automation or tooling improvements to streamline our operations.
Qualifications
Minimum Qualifications (Must Haves):
- Experience: 3+ years of dedicated, hands-on experience in Vulnerability Management within an enterprise-scale environment.
- Core Tooling: Proven proficiency with enterprise vulnerability scanning platforms (specifically Qualys, Tenable/Nessus, or Wiz).
- Modern Architecture: Solid understanding of vulnerability lifecycles across cloud platforms (AWS, Azure, or GCP) and containerized workloads (Kubernetes, Docker).
- Data Savvy: Experience manipulating large datasets and vulnerability reports to extract actionable insights.
- Communication: Exceptional ability to translate complex technical vulnerabilities into clear, actionable remediation steps for both systems engineers and non-technical business leaders.
Preferred Qualifications (Nice to Haves):
- Automation & Scripting: Ability to write scripts or utilize APIs (Python, PowerShell, SQL, or Power Query) to automate repetitive validation and reporting tasks.
- Regulated Environments: Experience navigating security compliance in financial services or highly regulated sectors (PCI DSS, FFIEC).
- Data Visualization: Experience building dashboards in Power BI or Excel to track remediation metrics and trends.
- Modern Workflows: Familiarity with AI-assisted productivity tools or prompt-based workflows for data analysis.
- Certifications: Security+, CySA+, CISSP, or cloud provider security certifications.