Vulnerability Management Engineer
Austin, Texas, United States of America
Full Time
2 weeks ago
Visa Sponsor
Key skills
Change ManagementCommunicationRemote Work
About this role
Role Overview
- Conduct vulnerability scanning, and perform in-depth analysis of findings from scanning tools (e.g., Qualys, Nessus, Rapid7), to verify accuracy, identify systemic patterns, and filter out false positives.
- Triage, validate and prioritise vulnerabilities using risk based approaches to determine real business impact, and working with engineering and compliance teams to agree remediation actions and timelines.
- Develop, document, and deliver technical remediation guidance and solutions to enable application and infrastructure teams to remediate efficiently and consistently.
- Support DOD IL4 and Fedramp preparation, by ensuring vulnerability management processes, evidence, reporting, and controls meet regulatory and assurance expectations.
- Work closely with engineering and service teams to embed vulnerability management into delivery pipelines, operational processes and change management.
- Establish strong relationships with engineering teams to track and report status and remediation progress.
- Manage and track the remediation backlog, maintaining focus on risk reduction and measurable progress.
- Contribute to the continuous improvement of vulnerability management standards, procedures, and playbooks, ensuring alignment with IL4, Fedramp and other compliance requirements.
Requirements
- Solid understanding of DoD Impact level IL4, FedRAMP, SOC-2, and PCI frameworks.
- 3+ years Vulnerability Management experience in a heavily regulated environment.
- Bachelor's degree in Computer Science, Information Security, or security certifications in a related field.
- Strong communication (written and verbal) and interpersonal skills, with the ability to effectively collaborate with technical and non-technical teams.
- A strong understanding of CVSS (Common Vulnerability Scoring System) and how to apply risk assessment methodologies in a business context to support remediation.
- Hands-on experience with vulnerability scanning platforms (e.g., Qualys, Nessus, Rapid7 InsightVM).
- Strong analytical skills to identify patterns in data and distinguish between theoretical risk and actual exploitability.
Benefits
- Health insurance
- 401(k) matching
- Flexible working hours
- Paid time off
- Remote work options