Cybersecurity Engineer – Threat & Vulnerability Management
Irving, Texas, United States of America
Full Time
2 hours ago
No Visa Sponsorship
Key skills
AWSAzureCloudCyber SecurityDNSFirewallsGoogle Cloud PlatformKubernetesMicroservicesPythonSDLCTCP/IPTerraformBashGCPGoogle CloudCloudFormationCI/CDLeadershipCommunicationCheckmarxOWASPPenetration TestingWAF
About this role
Role Overview
- Develop and maintain technical security requirements, standards, and documentation for vulnerability management and application security.
- Design and implement security solutions with emphasis on:
- Vulnerability Management (VM) platforms and processes
- Application Security tools (SAST, DAST, IAST)
- Web Application Firewalls (WAF)
- Secure coding practices and CI/CD pipeline integration.
- Perform vulnerability assessments and penetration testing for applications and systems; analyze findings and drive remediation efforts.
- Collaborate with development and operations teams to integrate security controls into DevOps workflows and Infrastructure as Code (IaC).
- Monitor and analyze system logs and security alerts to detect unauthorized access or anomalies.
- Create and present security metrics, vulnerability trends, and risk reports to leadership.
- Participate in incident response activities, providing technical expertise for application-related security incidents.
- Conduct periodic risk assessments for applications and supporting infrastructure.
- Evaluate and recommend security tools and technologies to enhance vulnerability detection and remediation capabilities.
- Stay current on emerging threats, vulnerabilities, and regulatory requirements impacting application security.
Requirements
- Deep understanding of vulnerability management processes, CVSS scoring, and remediation strategies.
- Hands-on experience with application security tools (e.g., Veracode, Checkmarx, Burp Suite, OWASP ZAP).
- Strong knowledge of secure software development lifecycle (SDLC) and DevSecOps principles.
- Familiarity with container security, Kubernetes, and cloud-native application security.
- Experience securing cloud environments (AWS, Azure, GCP) and implementing IaC security controls (Terraform, CloudFormation).
- Proficiency in scripting and automation (Python, Bash, or similar) for vulnerability scanning and remediation workflows.
- Solid understanding of networking fundamentals, TCP/IP, OSI model, and application layer protocols (HTTP, SSL/TLS, DNS).
- Knowledge of security frameworks and standards (NIST CSF, ISO 27001, OWASP Top 10).
- Strong analytical skills for interpreting vulnerability data and assessing business impact.
- Excellent communication skills for collaborating with developers, operations teams, and leadership.
- Ability to think strategically, innovate, and implement scalable security solutions.
- Minimum of 1 to 5 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred.
- Minimum of 1 year experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering, or Network Operations, Information Technology, Application Development preferred.
- Bachelor’s Degree in related field or equivalent work experience strongly preferred.
- Cybersecurity related certifications strongly preferred.
- Experience with CI/CD security integration and automated vulnerability scanning.
- Familiarity with microservices architecture and securing APIs.
- Advanced technical writing and documentation skills.
- Knowledge of threat modeling and risk assessment methodologies.
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- DNS
- Firewalls
- Google Cloud Platform
- Kubernetes
- Microservices
- Python
- SDLC
- TCP/IP
- Terraform
Benefits
- Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.