Vulnerability Management Engineer

Company: Santander
Location: Miami, FL, USA
Salary: $80625 – $132500
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior

Requirements

  • Bachelor’s degree required or equivalent experience
  • 5 – 6 years of relevant experience or demonstrated required level of proficiency
  • Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or equivalent practical experience
  • Hands-on experience with tools like Qualys, Nessus, Burp Suite, Fortify, Veracode, or similar platforms
  • Familiarity with CI/CD pipelines and integrating security testing tools into DevOps workflows
  • Solid understanding of operating systems (Windows, Linux), networking, and databases (Oracle, SQL Server)
  • Knowledge of regulatory and security frameworks such as NIST, ISO 27001, OWASP, and PCI DSS
  • Experience with systems management tools (e.g., SCCM, Red Hat Satellite) and service management tools like ServiceNow
  • Strong analytical mindset with the ability to solve complex problems under pressure
  • Demonstrated ability to lead cross-functional initiatives with a high sense of accountability
  • High level of accuracy and attention to detail
  • Microsoft Excel, PowerPoint, Word, and Python
  • Excellent communication skills, both written and verbal
  • Ability to work independently as well as collaboratively within a team environment

Responsibilities

  • Develop and maintain the enterprise vulnerability management lifecycle and scanning strategy
  • Schedule and perform authenticated and unauthenticated vulnerability scans (ad hoc and periodic)
  • Analyze scan results, prioritize vulnerabilities using CVSS and threat intelligence, and coordinate timely remediation
  • Align scan coverage with Configuration Management Database (CMDB) and asset inventory
  • Generate actionable reports and track metrics to demonstrate risk reduction and remediation progress
  • Continuously tune scanning processes and tools to improve accuracy and efficiency
  • Integrate security testing into the Software Development Lifecycle (SDLC) across waterfall and agile environments
  • Conduct Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA)
  • Work with development and DevOps teams to remediate vulnerabilities found in source code, APIs, and open-source components
  • Define secure coding requirements and conduct code reviews for critical applications
  • Support threat modeling and secure design reviews for new applications and services
  • Provide security guidance and escalation support for business-critical initiatives and change requests
  • Perform risk assessments and control gap analyses against internal security policies and frameworks (e.g., NIST CSF, ISO/IEC 27001)
  • Support audits, regulatory reviews (e.g., SOX, GLBA), and related governance activities
  • Collaborate with global and local Information Security and IT teams to align vulnerability and application security standards
  • Develop and report meaningful KPIs/KRIs related to vulnerability and application security
  • Other duties as assigned or requested by immediate supervisor

Preferred Qualifications

  • Spanish is a plus