Vulnerability Management Engineer

Manage vulnerability programs for IT assets, containers (e.g., Docker, Kubernetes), and base golden images across operating systems (Windows, Linux, Unix).

Conduct regular scans using industry-standard tools.

Analyze and prioritize vulnerabilities based on risk, exploitability, and asset criticality.

Track and report remediation progress.

Collaborate with IT, DevOps, and development teams for timely remediation.

Develop policies and remediation plans, including golden image review processes.

Support incident response for vulnerability exploits.

Assess risks and recommend mitigation strategies.

Create executive dashboards on vulnerability and golden image security status.

Communicate findings to technical teams and leadership.

Maintain accurate vulnerability, asset, and golden image inventories.

Stay updated on emerging threats, vulnerabilities, and golden image security best practices.

Recommend tools for vulnerability, container, and golden image security management.

Support penetration testing, audits, and security training.

2+ years in vulnerability management, cybersecurity or related experience.

Deep, hands‑on expertise with leading vulnerability scanning platforms (Tenable, Qualys, etc.).

Assessment of golden image reviews for Windows, Linux, Unix, and Containers.

Familiarity with network protocols, operating systems, and cloud platforms (AWS, Azure, GCP).

Experience with patch and configuration management tools (e.g., Tanium, Intune, SSM, JAMF).

Expert understanding of the vulnerability lifecycle, risk assessment, and advanced prioritization techniques (CVSS, EPSS, CWE, CISA KEV).

Understanding of frameworks like NIST, OWASP.

Familiarity with compliance standards (e.g., PCI DSS, SOX).

Knowledge of threat modeling and penetration testing; familiar with scripting languages.

Strong critical thinking and analytical skills.

Ability to approach problem solving in a constructive and collaborative way that does not require absolute security.

• The ability to communicate complicated technical issues and risks to programmers, network engineers and managers.
• Strong project and team‑building skills.
• Exceptional communication skills with diverse audiences; the ability to be an application security subject‑matter expert who can explain relevant topics to general audiences.

Bachelor’s degree in computer science, Information Systems, or equivalent combination of education and experience.

Certifications in the field of Information Security (at least one of the following: CEH, GIAC CPEN, OSCP, OSWE, CWAPT, GWAPT, GWEB).

A minimum of 2 years of experience.