Cyber Security Engineer - Vulnerability Management
Job Description
Senior Cybersecurity Engineer – Vulnerability Management & Incident Response
Position Overview
Our client is seeking a highly technical Cybersecurity Engineer to lead and mature enterprise vulnerability management efforts while serving as a key contributor to incident response operations. This role is ideal for a security professional who enjoys balancing strategic program ownership with hands-on technical execution.
The successful candidate will take ownership of vulnerability identification, prioritization, remediation coordination, and reporting across infrastructure, applications, and cloud environments. In addition, this individual will provide critical support during high-priority security incidents and help strengthen the organization's overall security posture.
This role requires strong collaboration with engineering, infrastructure, and application teams, along with the ability to translate technical findings into actionable business risk decisions.
Key Responsibilities
Vulnerability Management
- Manage and continuously improve the organization's vulnerability management program.
- Perform and oversee vulnerability assessments across servers, endpoints, applications, cloud environments, and network infrastructure.
- Utilize tools such as Nessus, Qualys, or Rapid7 to identify, analyze, and prioritize security weaknesses.
- Partner directly with technical teams to drive remediation efforts from initial discovery through final validation.
- Verify corrective actions and ensure vulnerabilities have been successfully resolved.
- Develop reporting, dashboards, and metrics that provide visibility into risk exposure, remediation performance, and SLA compliance.
- Collaborate with development and infrastructure teams to incorporate security best practices throughout the technology lifecycle.
- Work with third-party providers and security partners to enhance scanning coverage, improve findings accuracy, and streamline remediation processes.
Incident Response & Security Operations
- Participate in the investigation of and response to high-severity cybersecurity incidents.
- Provide after-hours and on-call support when required to ensure continuous incident coverage.
- Analyze alerts, triage threats, coordinate escalations, and support containment and recovery activities.
- Assist in strengthening detection and response capabilities across the security program.
Security Governance & Risk Management
- Maintain and enhance cybersecurity policies, standards, and procedures aligned with frameworks such as NIST, CIS, and ISO.
- Support internal and external audits by providing evidence, tracking findings, and coordinating remediation efforts.
- Communicate security risks, priorities, and program updates to leadership and key stakeholders.
- Evaluate remediation options while balancing operational requirements and business objectives.
- Mentor junior team members and provide guidance to external resources when necessary.
Security Engineering
- Support vulnerability management infrastructure, including scanners, agents, integrations, and reporting platforms.
- Assist with implementation and administration of security technologies such as SIEM, EDR, and cloud security solutions.
- Develop automation and process improvements that increase operational efficiency and security effectiveness.
Qualifications
Education & Experience
- Bachelor's degree in Information Security, Computer Science, or a related discipline.
- 7+ years of cybersecurity experience with significant hands-on involvement in vulnerability management and incident response.
- Proven experience operating and improving enterprise vulnerability management programs.
- Background supporting security incidents in production environments, including on-call or after-hours response responsibilities.
Technical Expertise
- Strong experience with vulnerability management platforms such as Qualys, Nessus, or Rapid7.
- Knowledge of cloud security and exposure management solutions, including platforms such as Wiz or Microsoft Defender for Cloud.
- Solid understanding of patch management, system hardening, network security, and vulnerability remediation practices.
- Experience working with Windows and Linux operating systems.
- Familiarity with SIEM technologies and security event investigations.
- Scripting or automation experience using PowerShell, Python, or similar technologies.
- Experience with workflow and ticketing platforms such as ServiceNow or Jira.
Security Frameworks
- Working knowledge of NIST Cybersecurity Framework, CIS Controls, and ISO 27001.
- Understanding of modern incident response methodologies and how they integrate with vulnerability management programs.
Professional Skills
- Strong written and verbal communication skills with the ability to engage both technical and business audiences.
- Ability to manage multiple priorities in a fast-paced environment.
- Demonstrated leadership, collaboration, and stakeholder management skills.
- Self-starter capable of working independently while driving security initiatives across multiple teams.
- Willingness to participate in off-hours and weekend incident response coverage as needed.