Vulnerability Management Engineer

100% Remote

Vulnerability Management Engineer

Key Responsibilities
Conduct vulnerability scans, analyze reports, and validate potential findings; contribute to process improvements; and documentation.
Configure and manage vulnerability scanners for both VM and Container (Kubernetes) environments, including their integration into Client’s software development lifecycle.
Track and guide Vulnerability remediation efforts across the organization. Escalate issues and problems when needed.
Coordinate PCI-DSS vulnerability scans, and support other compliance and risk management activities in the area of Vulnerability Management
Must be able to interface and coordinate work efficiently and effectively with business colleagues and vendors in global locations and time zones


Requirements:
3 to 5 years of demonstrated ability within information security vulnerability management including the remediation process to address Operating System (Linux/Unix) vulnerabilities and misconfigurations.
Experience with Kubernetes environments that include building, deploying and supporting containerized images in Cloud environments.
Experience with continuous delivery and integration (CI/CD) in Cloud and infrastructure engineering, and related tools (Jenkins/Tekton, Github etc.) and experience with programming or scripting languages such as Python/Go, or Bash/PowerShell.
Self-starter with a bias towards action and can thrive in a fast-paced and ambiguous environment

Desired qualifications:
Experience with security vulnerability management tools is a plus (e.g. Tenable, Anchore).
Knowledge of industry standard Risk scoring methodologies (CVSS, EPSS etc.)
Experience with data analytics (querying, analysis and visualization) solutions (Client, Hadoop etc.) is a plus
Experience using ServiceNow, including features (related to Vulnerability Response and Orchestration) within ServiceNow is highly preferred


E-Verify: United States Employment Opportunities Only

E-Verify is an internet-based system operated by the Department of Homeland Security and the Social Security Administration and allows employers to confirm an individual’s employment eligibility to work in the United States. Under the E-Verify rules, effective September 8, 2009, federal agencies subject to the Federal Acquisition Regulation are required to modify, and include in new contracts, a provision that requires federal contractors and subcontractors to use E-Verify. ITCO Solutions is required to adhere to these requirements.

This message is intended for the use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.