Vulnerability Management Engineer

ASTEK SINGAPORE INNOVATION TECHNOLOGY PTE. LTD.

Singapore

On-site

SGD 70,000 - 100,000

Full time

5 days ago

Job summary

A technology solutions firm in Singapore is seeking a Vulnerability Management Engineer to oversee the full lifecycle of vulnerabilities. The successful candidate will lead vulnerability detection, analysis, and remediation, utilizing tools like OSS and SAST, and will need strong Python scripting skills. Experience in CI/CD environments and effective communication with stakeholders are essential for this role.

Qualifications

  • Hands-on vulnerability management experience within CI/CD or SSDLC environments.
  • Proficiency with vulnerability scanning tools and solid understanding of secure coding standards.
  • Familiarity with established threat modeling techniques and tools.

Responsibilities

  • Lead the end-to-end process from identification to remediation tracking.
  • Embed vulnerability scanning capabilities within CI/CD and SSDLC workflows.
  • Build and maintain automation scripts in Python to optimize processes.

Skills

Vulnerability management
CI/CD knowledge
Scripting in Python
Threat modeling
Communication skills

Education

Degree in Computer Science or Information Security

Tools

OSS
SAST
Container scanning tools

Job description

Role: Vulnerability Management Engineer

Overview

The Vulnerability Management Engineer will oversee the full lifecycle of vulnerabilities—detecting, analyzing, prioritizing, and driving remediation across the organization’s applications and infrastructure. This role requires strong technical knowledge of CI/CD pipelines, SSDLC practices, modern scanning technologies, and hands-on automation capabilities to enhance efficiency and coverage.

Key Responsibilities
  • Vulnerability Lifecycle Ownership: Lead the end-to-end process from identification and triage to remediation tracking and final reporting, ensuring timely and effective resolution.
  • Tool Integration & Operationalization: Embed and maintain vulnerability scanning capabilities within CI/CD and SSDLC workflows, including solutions for SAST, DAST, secret scanning, and container scanning.
  • Automation Development: Build and maintain automation scripts—preferably in Python—to optimize scanning processes, data collection, analysis, and reporting dashboards.
  • Root Cause & Risk Analysis: Evaluate vulnerabilities to determine underlying causes and recommend practical, long-term security controls.
  • Threat Modeling: Conduct threat modeling sessions using system architecture diagrams and design documents to identify potential attack paths and security gaps.
  • Cross-Team Collaboration: Work closely with engineering, infrastructure, DevOps, and risk teams to support remediation planning and reduce risk exposure.
  • Clear Stakeholder Communication: Translate technical vulnerability details into clear, actionable insights for both technical and non-technical stakeholders, including explanations of business impact and mitigation strategies.
  • Process Improvement: Continuously refine vulnerability management processes, metrics, and tools to strengthen overall security posture and operational efficiency.

Requirements
  • Education: Degree in Computer Science, Information Security, or a relevant field.
  • Experience: Hands-on vulnerability management experience within CI/CD or SSDLC environments.
  • Technical Skills: Proficiency with vulnerability scanning tools such as OSS, SAST, and Container Scanning tools. Strong scripting and automation capability, especially using Python. Solid understanding of secure coding standards and common vulnerabilities, including the OWASP Top 10. Experience performing root cause analysis and developing realistic remediation strategies.
  • Threat Modeling: Familiarity with established threat modeling techniques and tools.
  • Soft Skills: Strong communication skills with the ability to present findings clearly to diverse stakeholders. Effective stakeholder management and the ability to influence remediation decisions.

Advantageous:

  • Offensive security certifications such as OSCP, CEH, or GPEN.
  • Experience managing vulnerabilities in large, complex enterprise environments.
  • Knowledge of cloud-native security and securing containerized applications.