Vulnerability Management Engineer

About the Company

The Threat & Vulnerability Management Engineer is responsible for the deployment, configuration, and management of vulnerability management tools and delivery of related services. The role of Threat & Vulnerability Management Engineer is to detect security vulnerabilities in information systems and drive resolution in compliance with corporate security policy. You will work with system owners to evaluate vulnerability findings, identify false-positives, and prepare & deploy patches.

About the Role

The Threat & Vulnerability Management Engineer is responsible for the deployment, configuration, and management of vulnerability management tools and delivery of related services.

Responsibilities

• Collaborate with key stakeholders including senior leadership to research, develop and implement an efficient architecture to discover vulnerabilities in both shoreside and maritime systems.
• Manage the entire vulnerability lifecycle from discovery, triage, remediation, and validation.
• Create and evolve a risk prioritization framework that accounts for multiple factors including vulnerability severity, system function, and network accessibility.
• Help asset owners create effective solutions to safely patch infrastructure at scale, including assisting with automated deployment of common patches.
• Promote effective remediation while preserving stakeholder happiness.
• Manage day-to-day workflow to ensure vulnerabilities are remediated within proper timelines.
• Create process automation including scripting and API integrations.

Qualifications

• Bachelors degree in information security or equivalent. Advanced degree preferred.
• 4+ years of information technology experience, including 2+ years of specialization in vulnerability management.
• Vulnerability Management experience, especially with vulnerability scanners (e.g. Rapid7 IVM, Tenable, etc.) and experience remediating issues with system owners.
• Experience hardening system images according to industry baselines, such as CIS Benchmarks.
• Experience with cloud security posture management tools (e.g. Orca Security, Prisma, Wiz, etc.) and remediating vulnerabilities and misconfigurations in cloud environments.
• Nexpose Certified Administrator certification strongly preferred.
• Vulnerability exploitation certifications including GEVA, GPEN, OSCP, or similar preferred.
• Application Security experience using SAST/DAST/SCA tools preferred.
• Scripting experience in Python, PowerShell, or similar tools preferred.

Equal Opportunity Statement

We are committed to diversity and inclusivity in our hiring practices.