Job Summary:
The Vulnerability Management Security Engineer is responsible to assist the Security Operations team in the comprehensive execution and management of vulnerability identification, assessment, and remediation processes across the organization. This role includes deploying and operating vulnerability assessment tools, refining scan results, providing technical assistance in coordinating with internal teams for remediation, and providing actionable insights to enhance the organization's security posture. The individual in this role must have a solid understanding of information security, risk assessment methodologies, and remediation best practices to address vulnerabilities effectively. The engineer will work closely with IT, development, and compliance teams to ensure that risks are managed within acceptable thresholds and regulatory requirements.
Principal Responsibilities:
Distinguishing Characteristics:
Technical Expertise in Vulnerability Management: The engineer should have deep expertise in vulnerability management tools and technologies, such as Qualys, Tenable, Rapid7, or similar platforms, and be skilled in configuring, tuning, and optimizing these tools.Experience in Network Engineering: Demonstrated proficiency in managing and troubleshooting layer 2 and layer 3 devices.Proficiency in Scripting Languages: Experience with scripting languages such as Python for automating tasks, developing custom scripts, and enhancing system administration workflows, with an ability to write, debug, and optimize code for various operational needs.Analytical and Problem-Solving Skills: This role demands a strong ability to analyze scan data, understand complex infrastructure dependencies, and devise actionable and efficient remediation plans.Communication and Coordination Abilities: This position requires excellent interpersonal skills to communicate vulnerability issues clearly to non-technical stakeholders and to coordinate remediation efforts across diverse teams.Risk-Based Approach to Security: A successful engineer will apply a risk-based approach to vulnerability prioritization and mitigation, focusing resources on the most impactful issues, and balancing security needs with business goals.Industry certifications such as CISSP, CASP, or GIAC are a plus.Relevant vendor specific certifications are a plus.Work Experience:
Typically, 5+ years with bachelor's or equivalent.Education and Certification(s):
Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained.The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills.