Sr. Security Engineer, Vulnerability Management

United States, Full-Time, Senior
Salary: 112,000 - 140,000 USD per year

Job Details

Experience
8+ years of experience in cybersecurity with at least 3 years focused on vulnerability management, risk management, or related security functions.
Required Skills
AWS, Cybersecurity, GCP, Azure, SaaS

Requirements

  • Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent practical experience).
  • 8+ years of experience in cybersecurity with at least 3 years focused on vulnerability management, risk management, or related security functions.
  • SaaS environment experience is required.
  • Hands-on expertise with vulnerability management platforms (e.g., Wiz, Tenable, Qualys, Rapid7, Vulcan, Kenna).
  • Strong knowledge of vulnerability scoring frameworks (CVSS), patch management processes, remediation SLAs, and risk-based prioritization.
  • Strong understanding of operating systems (Windows, Linux, macOS), networking, and cloud platforms (AWS, Azure, GCP).
  • Experience with cloud security tools and CSPM/CNAPP platforms such as Wiz, Prisma Cloud, or Orca.

Responsibilities

  • Own and advance the enterprise vulnerability management lifecycle with a focus on scanning, triage, risk scoring, remediation tracking, validation, and continuous improvement.
  • Leverage and modernize AI systems to automate patches and configuration changes, driving toward near real-time resolution of exploits.
  • Optimize the vulnerability management platform and related tools, ensuring accurate, automated, and scalable coverage across infrastructure, applications, and cloud environments.
  • Develop and deliver meaningful metrics and executive reporting to drive accountability, measure progress, and inform leadership on vulnerability posture and remediation performance.
  • Communicate vulnerability status, remediation progress, and SLA performance through recurring updates and appropriate governance forums.
  • Apply a risk-based prioritization model using CVSS, system criticality, threat intelligence, environmental context, and compensating controls to determine remediation urgency.
  • Partner cross-functionally with the Red Team, IT, Engineering, SRE, Compliance, and service owners to identify, track, and mitigate risks tied to unsupported technologies, end-of-life systems, legacy services, and cloud-native vulnerabilities.
  • Manage scanning exemptions and vulnerability exceptions, including documentation, business justification, review, remediation planning, and tracking through established processes.
  • Help improve asset ownership, routing, and reporting coverage so vulnerability findings are consistently delivered to the correct teams and actioned effectively.
  • Drive visibility and remediation of cloud misconfigurations, exposed services, over-permissioned identities, and other cloud-native risks in partnership with teams across the organization.