Security Engineer, Vulnerability Management | Remote US

What You'll Do

• Join a highly collaborative security operations team delivering vulnerability management services to Cloud Service Providers, and other organizations operating highly regulated environments.
• Review vulnerabilities from various sources and assess their risk level.
• Conduct regular and on-demand scanning activities for multiple customer environments.
• Configure and manage vulnerability management tools within customer environments.
• Assist customers with scanning their FedRAMP environment and managing false positives.
• Create a Plan of Action and Milestones (POAM) based on customer scan data.
• Communicate with internal management to provide insights and proposed remediation strategies.
• Create formal documentation, reports, and briefings using technical writing skills.
• Act as a liaison between the vulnerability management team, SRE teams, and customer teams.
• Develop and maintain standard operating procedures, training documents, and troubleshooting guidelines.
• Configure and troubleshoot scanning devices.
• Provide guidance and instruction to clients and team members.
• Manage tickets and customer requests.
• Work independently and with vendors to troubleshoot vulnerability assessment tools.
• Oversee and coordinate escalations with a focus on expedited resolution.
• Analyze identified vulnerabilities to identify false positives or environmental factors that affect the risk scoring and ensure the POAM is updated to reflect that analysis.

What You’ll Bring

• US citizenship (required due to client contractual requirements)
• Experience supporting clients in a managed service organization.
• Familiarity with ITSM solutions (e.g., Jira, ServiceNow) and meeting SLAs.
• 2-4 years of experience in professional services, vulnerability management, and compliance monitoring.
• Skills in web application testing, API testing, and network testing.
• Previous experience with tools like Burp Suite Professional or similar DAST tools.
• Ability to analyze information security vulnerabilities and collaborate with teams for remediation.
• Experience developing playbooks, runbooks, and troubleshooting technical issues.
• Knowledge of vulnerability scoring systems (CVSS/CMSS).
• Experience with vulnerability scanning tools (e.g., Nessus, Burp Suite).
• Ability to analyze vulnerabilities and adjust risk ratings based on internal factors.
• Familiarity with OS Baseline Configuration standards (e.g., CIS Critical Security Controls Scanning).
• Excellent communication, organizational, and problem-solving skills.
• Experience working with auditors to ensure adherence to controls, policies, and standards.
• Strong documentation skills, including technical diagrams and descriptions.
• Ability to work independently and as part of a team with a professional attitude and demeanor.
• Critical thinking, and ability to balance environmental requirements with mission needs.
• BS or above in a related Information Technology field or equivalent combination of education and experience

Bonus Points

• Previous experience supporting 24x7x365 security operations for a SaaS vendor.
• Certifications in Cloud Vendors, as well as with organizations such as PMP, CISSP, CISM, or CISA
• Familiarity with frameworks such as FedRAMP, FISMA, SOC, ISO, HIPAA, HITRUST, PCI, etc.