Vulnerability Management Engineer

Vulnerability Assessment & Management

Manage vulnerability programs for IT assets, containers (e.g., Docker, Kubernetes), and base golden images across operating systems (Windows, Linux, Unix).

Conduct regular scans using industry-standard tools.

Analyze and prioritize vulnerabilities based on risk, exploitability, and asset criticality.

Track and report remediation progress.

Security Operations

Collaborate with IT, DevOps, and development teams for timely remediation.

Develop policies and remediation plans, including golden image review processes.

Support incident response for vulnerability exploits.

Assess risks and recommend mitigation strategies.

Reporting & Communication

Create executive dashboards on vulnerability and golden image security status.

Communicate findings to technical teams and leadership.

Maintain accurate vulnerability, asset, and golden image inventories.

Change Management

Continuous Improvement

Stay updated on emerging threats, vulnerabilities, and golden image security best practices.

Recommend tools for vulnerability, container, and golden image security management.

Support penetration testing, audits, and security training.

Required Qualifications

Technical Skills

2+ years in vulnerability management, cybersecurity or related experience.

Deep, hands-on expertise with leading vulnerability scanning platforms (Tenable, Qualys, etc.) 

Assessment of golden image reviews for Windows, Linux, Unix and Containers. 

Familiarity with network protocols, operating systems, and cloud platforms (AWS, Azure, GCP).

Experience with patch and configuration management tools (e.g., Tanium, Intune, SSM, JAMF).

Expert understanding of the vulnerability lifecycle, risk assessment, and advanced prioritization techniques (CVSS, EPSS, CWE, CISA KEV).

Understanding of frameworks like NIST, OWASP.

Familiarity with compliance standards (e.g., PCI DSS, SOX).

Knowledge of threat modeling and penetration testing. Familiar with scripting languages.

General Skills:

Strong critical thinking and analytical skills

Ability to approach problem solving in a constructive and collaborative way that does not require absolute security. 

• The ability to communicate complicated technical issues and risks to programmers, network engineers and managers.
• Strong project and team-building skills
• Exceptional communication skills with diverse audiences; the ability to be an application security subject matter expert who can explain relevant topics to general audiences.

Educational Requirements:

Bachelor’s degree in computer science, Information Systems, or equivalent combination of education and experience  

Certifications in the field of Information Security (at least one of the following: CEH, GIAC CPEN, OSCP, OSWE, CWAPT, GWAPT, GWEB)

Experience Required:

A minimum of 2 years of experience.