Remote - United States
4 days ago
Vulnerability Management Engineer III

What We’re Looking For

The Vulnerability Management Engineer III plays a crucial role in safeguarding our organization's technology assets by actively participating in the implementation and operations of our Vulnerability Management program. This program aims to identify, assess, and prioritize vulnerabilities in both production and enterprise assets and to communicate them to asset and product remediation owners, supporting a robust security posture for the organization.

The ideal candidate will possess a combination of technical expertise, a deep comprehension of vulnerability management best practices and a desire to work smart and hard.

What You Will Do

- Assist in maintaining a comprehensive vulnerability management program aligned with industry standards and best practices.
- Adhere to established policy, guidelines and procedures.
- Collaborate with IT/Enterprise, Security/Compliance, Engineering/Production and Leadership teams to support vulnerabilities being addressed in accordance with company policy and/or applicable frameworks.
- Aggregate vulnerability assessment results from partner teams, utilizing automated tools and manual reviews to identify potential weaknesses in systems, networks, and applications.
- Prioritize vulnerabilities based on severity, risk level, real threat indicators and potential impact on the organization's operations and reputation.
- Provide IT Asset and Product remediation owners with vulnerability remediation and/or mitigating workaround options for identified vulnerabilities, and collaborate with such asset-owning teams to support their timely resolution efforts.
- Monitor and track the progress of vulnerability remediation efforts, providing regular reports on the overall effectiveness of the program.
- Stay abreast of emerging threats, vulnerabilities, and mitigation techniques through ongoing research, threat feeds and professional development.
- Support and maintain a culture of general vulnerability risk awareness within the organization and aid in the proactive development of the company’s vulnerability management initiatives.

What You Need to Succeed

- Bachelor's degree in computer science, information technology, or a related field.
- Four or more years of hands-on experience in vulnerability management in either production or enterprise asset environments.
- Excellent verbal and written communication and interpersonal skills to engage effectively with stakeholders at all levels of the organization.
- Strong analytical and problem-solving abilities to identify and resolve complex vulnerability issues.
- Familiarity with industry-standard vulnerability management tools and technologies, including vulnerability scanners, threat intelligence platforms, and patch management systems.
- Understanding of relevant industry standards and regulations, such as PCI DSS, ISO 27001, CIS, NIST Cybersecurity Framework, HITRUST, FedRAMP and the HIPAA Security Rule.
- Maintain a coachable and team-player attitude with a desire to collaborate for the purpose of continuous improvement of the vulnerability management program’s posture.

What Helps You Stand Out

- Experience with security risk assessment and management, including threat modeling and risk analysis.
- Familiarity with incident response and disaster recovery procedures.
- Familiarity with AppSec, LLM and ML security best practices.
- Experience analyzing and applying baseline hardening configurations (e.g., CIS benchmarks).
- General working knowledge and understanding of web-based Git repositories (e.g., GitHub, GitLab, etc.).
- Knowledge of cloud security and DevSecOps practices, including secure software development methodologies, container security, and cloud security controls.
- Certifications related to vulnerability management or information security, such as Security+, CySA+, PenTest+, GEVA, CVA, CEH, and/or OSCP.
- Preferred experience with on-prem, hybrid, or cloud infrastructure (AWS/Azure), CrowdStrike, Qualys, Tenable, SonarQube, Wiz, GHAS, Nucleus Security, Burp Suite, etc.

 
